This is the fourth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on secure remote access.
Secure Remote Access
Secure Remote Access is the ability to connect to company resources from anywhere in a manner that does not compromise security. This can be done by several means including remote access software, Virtual Private Network (VPN), or File Sync & Share (FSS). Here are some questions that you should be asking yourself:
Does anyone in your organization work from home or remotely?
How are they remotely connecting to the office?
Are you able to revoke access to the office if they leave the company?
If that connection is a modern VPN, what type of security does it use?
Is your VPN based on passwords or certificates?
Does the VPN log usage statistics?
If that connection is a remote access software, what type of security does it use?
Does the software limit who has access to which resource?
Does the software log who is logging in and for how long?
If that connection is via FSS, what type of security does it use?
Does your FSS have file versioning, backups, and ransomware protection?
Does the FSS limit who has access to which resource?
Do you use 2FA as part of your remote access?
Take time to think about these questions and decide where changes can be made to better protect your IT investments, or contact us to do the thinking for you.
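The questions above can be run as a repeatable check. The following Python is an added example, not part of the original post: it audits a constructed inventory of remote-access accounts against the checklist. The field names, the sample users and the choice to flag password-based VPN authentication are assumptions.

```python
# Added example: field names and sample data are hypothetical/constructed.
from dataclasses import dataclass

@dataclass
class Access:
    user: str
    method: str               # "vpn", "remote_software" or "fss"
    auth: str                 # "password" or "certificate"
    mfa: bool                 # 2FA enforced on this access path
    logged: bool              # logins and usage are recorded
    employed: bool            # person is still with the company
    enabled: bool             # account can still connect
    resources: tuple          # reachable resources; "*" means everything
    versioning: bool = False  # FSS only: versioning, backups, ransomware protection

def audit(entry):
    """Return the checklist items this access entry fails."""
    if not entry.enabled:
        return []  # revoked access cannot be used, nothing more to check
    findings = []
    if not entry.employed:
        findings.append("departed user still enabled")
    if entry.method == "vpn" and entry.auth == "password":
        # Assumption: certificates are the preferred answer to the VPN question.
        findings.append("VPN relies on passwords, not certificates")
    if not entry.mfa:
        findings.append("no 2FA")
    if not entry.logged:
        findings.append("no login or usage logging")
    if "*" in entry.resources:
        findings.append("no per-resource access limit")
    if entry.method == "fss" and not entry.versioning:
        findings.append("FSS lacks versioning, backups or ransomware protection")
    return findings

def report(inventory):
    """Map each user with at least one finding to their list of findings."""
    return {e.user: f for e in inventory if (f := audit(e))}

# Constructed sample inventory.
INVENTORY = [
    Access("alice", "vpn", "certificate", True, True, True, True, ("crm",)),
    Access("bob", "vpn", "password", False, True, False, True, ("*",)),
    Access("carol", "fss", "password", True, False, True, True, ("finance-share",)),
    Access("dave", "remote_software", "password", False, False, False, False, ("*",)),
]

if __name__ == "__main__":
    for user, findings in report(INVENTORY).items():
        print(f"{user}: {'; '.join(findings)}")
```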
The COVID-19 scare and ensuing rush to remote access has us thinking about security. What is more basic to security than passwords? In an effort to find a way to make passwords both secure and easy to remember, I have found a website that seems to fit the bill:
NIST is the National Institute of Standards and Technology. It acts as the de facto baseline that all other security and compliance organizations use to construct their standards. Reading their publications is like reading any other government document – extremely long and not interesting. Farmhouse Networking recently became aware of one such document called NISTIR 7621 aka Small Business Information Security: The Fundamentals. We took the time to distill out the main points here:
The Fundamentals aka Best Practices
Identify: Who has access to the network, who has access to the data, and what do they have access to. This includes background checking employees during the hiring process, taking an inventory of data to see who needs access to what, requiring that each user have their own login, and company policy creation.
Protect: Protection starts with separating data into shares, then giving access only to those who really need it. It also includes protecting hardware with uninterruptible power supplies (UPS) and protecting software with regular updates. Protecting the network includes setting up a proper firewall, separate wireless for guest access, and VPN-only access for remote users. Web filtering, spam filtering, file encryption, proper disposal of old equipment, and employee training are also mentioned.
Detect: Having centrally managed antivirus software on each workstation is a must. This includes the ability to look back in time via log files or a monitoring system to find the root of the security breach.
Respond: Have a disaster recovery plan and security incident response plan in place.
Recover: Keep full backups of all important business data, invest in cyber insurance, and regularly assess your technology to find timely improvements.
If your company does not meet these fundamentals, then contact us for assistance.
Found myself setting up a client with a remote desktop connection to a local workstation from a remote site to use their Client Management System (CMS). Even after successfully getting them connected to the local workstation and warning them there would be issues with using their network printer at the remote office, they stated it would be just fine. Found out later indeed they were not able to use the printer successfully due to the inherent issue with network printers across a Remote Desktop Connection. Found this little workaround to provide Remote Desktop network printer redirection in the Microsoft forums:
Click on the Start button and open Control Panel then open “Devices and Printers”
Right click on the network printer that needs to be redirected and choose “Printer Properties”
Click on the Ports tab and put a check next to “Enable printer pooling” and next to the “LPT1:” in the list then click the OK button to finish.
Click on the Start button and open Remote Desktop Connection then click on the “Local Resources” tab.
Click on the “More…” button at the bottom then put a check next to the Ports item then click the OK button.
Make sure to go back to the General tab and click on save before clicking on the Connect button.
Once connected download and install the needed print driver but do not create the printer itself yet.
Inside the Remote Desktop connected computer click on the Start button and open Control Panel then open “Devices and Printers”
Click on the Add Printer button at the top then click on the “The printer that I want isn’t listed” link at the bottom of the window that opens.
Click on the radio selection next to “Add a local printer or network printer with manual settings” then click on the Next button.
Click on the list “Use an existing port” and choose “TS001:” which usually corresponds to the LPT1: port redirection, but it may take some trial and error going through this list later to figure out which one it is.
Search through the list of drivers to pick the one associated with the one being connected then click on the Next button.
If requested, choose to “Replace the current driver” and click on the Next button.
Change the name as needed and click on the Next button.
Choose “Do not share this printer” and click on the Next button.
Test the printer by clicking on “Print a test page” then click the Finish button.
If the printer does not print, then open the printer properties on the Remote Desktop connected computer and change the port to TS002: on the Ports tab, click Apply, then click “Print a test page” on the General tab to test again. Repeat down the list until the correct port is found. If your company is using Remote Desktop Network Printer Redirection or needs help getting the network connected printers working properly, then contact us for assistance.
I have had the privilege of using a new remote support tool called ScreenConnect which was recently acquired. This tool has all the major features of other remote support tools, including a built-in screen annotation feature and OCR capability that feeds into the built-in research tool. Looking forward to training and trying all the features of this wonderful new software.