Remote access delivers major gains in convenience and efficiency, but it is also a significant security risk if it is not properly planned and executed. The good news is that well-established best practices mitigate the vast majority of threats and maximize the security of your system, allowing you to leverage remote access to the fullest degree.
First, create multi-level, sequestered admin accounts. Windows servers, for example, have a default Domain Administrator account, sometimes referred to as the “God” account because it can do everything. Vulnerabilities are introduced when domain admin accounts are overused, which is to say used for routine work. This matters even more with remote access: the more often a domain admin account is used, the more exposure you invite. Virtually all day-to-day tasks should be accomplished at other admin levels.
These sequestered accounts shouldn’t be structured in ascending order of rights, where each higher-level account holds all of the permissions of the accounts below it. Instead, isolate them by the type of access they need, separated by function or system, such as desktop, server, and domain admins.
Along with this structure, you should adopt a least-privilege admin model, which dictates that any administrator should only have access to the network locations needed to complete any individual task. The benefit of this approach is that even if (or realistically, when) an account is compromised, the potential damage is automatically contained and can be more easily and rapidly addressed. This requires disciplined enforcement: human nature dictates that users default to using the account with the highest level permissions, and forming good habits among your admin team is crucial to maintaining the efficacy of your structure.
Permissions and roles aren’t static: your organizational structure and IT needs are dynamic and evolving. The most secure organizations become familiar with consistently granting and revoking permissions for task-based responsibilities. If someone needs to remotely access your system for something minor, such as installing a patch, add the user to the appropriate permissions group, then pull their access as soon as the task is complete. You’ll find this particularly useful if you have a high rate of turnover in your IT team or if vendors access any aspect of your system. It can be easy to grant someone access and then forget that account exists, which can allow subsequent remote access you don’t want.
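The “grant for the task, then pull access” pattern above can be enforced by Active Directory itself rather than by memory. The following is an added example, not code from the original article or from Dynamic; it assumes the ActiveDirectory PowerShell module, a forest with the Privileged Access Management optional feature enabled (required for -MemberTimeToLive, available since Windows Server 2016), and placeholder group and user names.

```powershell
# Added example: task-scoped, time-limited membership in a privileged group.
# Assumptions: ActiveDirectory module; PAM optional feature enabled in the forest.
# 'Server Admins' and 'vendor.patcher' are placeholders.
Import-Module ActiveDirectory

$Group = 'Server Admins'     # placeholder: the task-scoped admin group
$User  = 'vendor.patcher'    # placeholder: the account doing the patch work
$Hours = 4                   # how long the task is expected to take

# Grant membership that AD expires on its own; nobody has to remember to revoke it.
Add-ADGroupMember -Identity $Group -Members $User -MemberTimeToLive (New-TimeSpan -Hours $Hours)

# If the task finishes early, revoke explicitly rather than waiting for the TTL.
# Remove-ADGroupMember -Identity $Group -Members $User -Confirm:$false

# Review the group: with -ShowMemberTimeToLive, time-limited members are returned
# with a "<TTL=seconds>," prefix on the member DN. Anything without that prefix is a
# permanent member of a privileged group and deserves a periodic review.
$members = Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member

foreach ($m in $members) {
    if ($m -match '^<TTL=(\d+)>,(.+)$') {
        '{0,-60} expires in {1:N0} min' -f $Matches[2], ([int]$Matches[1] / 60)
    } else {
        '{0,-60} PERMANENT - review' -f $m
    }
}
```

Run the review loop on a schedule against every admin-tier group; a growing list of PERMANENT entries is exactly the forgotten access the paragraph warns about.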
Next, require two-factor authentication for any remote access. Even if an account and password are compromised, access is precluded without the second authentication factor. The second factor is generally derived from one of these three areas:
Something you know: e.g., a PIN or authentication questions.
Something you have: this takes the form of a physical token, such as an access card or fob.
Something you are: these are biometric indicators, such as a fingerprint or eye scan.
Another proactive defense mechanism is to monitor Active Directory reports regularly: this will help you know if, when, and where you’re being attacked. Signals such as a spike in failed password attempts, account lockouts, or changes to privileged groups (such as the various admin levels) are likely indicators of an unauthorized access attempt. You should also regularly monitor all activities taken by admin accounts, including local administrators.
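The three signals named above (failed password spikes, lockouts, and privileged group changes) all land in a domain controller's Security log. The following is an added example, not code from the original article or from Dynamic; it assumes it runs on a domain controller with read access to the Security log and the Advanced Audit Policy subcategories "Logon", "User Account Management" and "Security Group Management" enabled, and the threshold and group names are placeholders to tune for your environment.

```powershell
# Added example: triage the last hour of AD Security events for the signals the
# text describes. Assumptions: run on a DC, relevant audit subcategories enabled.
# Property indexes follow the documented event schema for each ID; parsing
# $_.ToXml() is more robust if your environment changes the schema.
$Since          = (Get-Date).AddHours(-1)
$FailedLogonMax = 20   # placeholder: failed logons per account per hour before alerting

# 4625 failed logon, 4740 account lockout,
# 4728 / 4732 / 4756 member added to a global / local / universal security group.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625, 4740, 4728, 4732, 4756
    StartTime = $Since
} -ErrorAction SilentlyContinue

# Failed logons grouped by target account. A spike on one account suggests password
# guessing; a small count across many accounts suggests password spraying.
"--- Accounts with >= $FailedLogonMax failed logons since $Since ---"
$events | Where-Object Id -eq 4625 |
    ForEach-Object { $_.Properties[5].Value } |          # TargetUserName
    Group-Object | Where-Object Count -ge $FailedLogonMax |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Lockouts: which account, and from which caller computer.
"--- Account lockouts ---"
$events | Where-Object Id -eq 4740 |
    Select-Object TimeCreated,
        @{n = 'Account';        e = { $_.Properties[0].Value }},   # TargetUserName
        @{n = 'CallerComputer'; e = { $_.Properties[1].Value }} |  # TargetDomainName
    Format-Table -AutoSize

# Privileged group changes: every one is worth a human look, regardless of count.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Server Admins'  # placeholders
"--- Membership changes to privileged groups ---"
$events | Where-Object { $_.Id -in @(4728, 4732, 4756) } |
    Select-Object TimeCreated, Id,
        @{n = 'Group';     e = { $_.Properties[2].Value }},   # TargetUserName (the group)
        @{n = 'Member';    e = { $_.Properties[0].Value }},   # MemberName (DN)
        @{n = 'ChangedBy'; e = { $_.Properties[6].Value }} |  # SubjectUserName
    Where-Object Group -in $PrivilegedGroups |
    Format-Table -AutoSize
```

Scheduling this hourly and forwarding the output to your monitoring platform turns the paragraph's "if, when, and where" into a concrete alert rather than a log nobody reads.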
Investing in automated monitoring software is crucial to ensuring the effectiveness of your efforts. The sheer amount of traffic and activity virtually guarantees that any manual monitoring will fail to detect some penetration efforts. You can configure your software to run multiple types of scans that will alert you to any anomalies.
As you monitor account activities, regularly purge old user accounts at all levels. Stagnant accounts increase your potential attack surface in numerous ways and eliminating or locking them out significantly mitigates this vulnerability. This practice also psychologically reinforces the mindset that accounts should only exist to be actively used at the appropriate level and downgraded or eliminated when their job is complete.
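A stale-account purge is easy to script once you settle on an inactivity threshold. The following is an added example, not code from the original article or from Dynamic; it assumes the ActiveDirectory module, and the search base, exclusion list and 90-day threshold are placeholders.

```powershell
# Added example: disable user accounts with no logon in $InactiveDays days and
# record why in the description so the change is traceable. Assumptions:
# ActiveDirectory module; placeholder OU, exclusions and threshold.
Import-Module ActiveDirectory

$InactiveDays = 90
$SearchBase   = 'OU=Staff,DC=example,DC=com'      # placeholder OU
$Exclude      = @('svc_backup', 'breakglass')      # placeholder: accounts never to touch
$DryRun       = $true                              # set to $false to actually disable
$Today        = Get-Date -Format 'yyyy-MM-dd'

# Search-ADAccount judges inactivity by LastLogonTimestamp, which replicates lazily
# and can lag real activity by up to 14 days; keep the threshold well above that.
$stale = Search-ADAccount -AccountInactive -UsersOnly `
            -TimeSpan (New-TimeSpan -Days $InactiveDays) -SearchBase $SearchBase |
    Where-Object { $_.Enabled -and ($_.SamAccountName -notin $Exclude) }

foreach ($acct in $stale) {
    $u    = Get-ADUser -Identity $acct.DistinguishedName -Properties Description, LastLogonDate
    $note = 'DISABLED {0}: inactive {1}+ days (last logon {2}). Was: {3}' -f `
            $Today, $InactiveDays, $u.LastLogonDate, $u.Description

    if ($DryRun) {
        'Would disable {0} ({1})' -f $u.SamAccountName, $u.LastLogonDate
        continue
    }
    Set-ADUser -Identity $u -Description $note
    Disable-ADAccount -Identity $u
    'Disabled {0}' -f $u.SamAccountName
}
```

Run it with $DryRun left on first, review the list against HR and vendor records, then flip the switch; disabling rather than deleting keeps the account's history for the monitoring described above.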
Effective IT security involves a mixture of mechanisms (such as sequestering admin roles to various systems or workstations), policy (like requiring admins to use their least-privileged account access to accomplish work), and enforcement (e.g., scanning network activity and quarantining any systems or accounts displaying irregular use patterns). Your goal is not to prevent any account from ever being compromised: this is an unrealistic goal and would be an exercise in frustration. However, a properly structured network with appropriate permissions and policies creates a series of speedbumps that will slow any unauthorized activity to the point where it can be stopped before any serious compromise occurs.
We can help
Dynamic provides solutions to mitigate remote access security risks, so your internal IT team can stay focused on innovation and business goals. Contact us today to get started. Call 866-399-1084 or email us at firstname.lastname@example.org.
Moiz Bhinderwala leads the technical services and logistics teams at Dynamic. With more than 10 years of experience in the IT industry, Moiz has deep knowledge of the complex technological landscape, working closely with clients to understand their IT challenges and help design custom technical solutions to meet their business goals.