Cameyo Blog

  

Is It Time to Re-Evaluate the Security of Your Remote Work Solutions?

August 06, 2020
By Brandon Lee

Your organization, like many, has no doubt undergone a tremendous change in the way employees carry out their daily tasks since the beginning of the year.  As the shift for the majority has been to a remote workforce, organizations have had to adapt to the needs at hand due to COVID-19.Blog Post Image for Re-Evaluating Security for Remote Work

However, there is no shortage of security concerns regarding today’s remote work strategies.  The technologies that were initially provisioned for remote work in “phase 1” may have been configured in haste, leading to incomplete configurations or remote infrastructure that were not configured with security in mind.  

Most organizations are now settling in for the “long haul” in their remote work strategies due to the “new normal” that exists for the foreseeable future.  How can your business effectively transition from “phase 1” remote work deployments to more permanent solutions that do not compromise security? What technologies are well-suited for a more long-term remote work infrastructure solution? Let’s take a look at this transition, why it may be needed, and the solutions that can help you make the shift.  

Why re-evaluate remote work solutions?

First of all, let’s try to understand why it may be wise for your organization to re-evaluate the tools and solutions used to empower remote workers.  There are several factors that may lead to a less than optimal remote work environment from a security perspective.

  1. The need to react quickly
  2. Legacy remote connectivity technologies
  3. Employees using personal BYOD

In regards to how organizations have had to react since the COVID-19 pandemic, let’s take a look and see how each of these factors come into play.  Also, let’s review how these can potentially lead to major cybersecurity issues as the remote work situation continues.

The need to react quickly

When we think back to how the pandemic unfolded, literally overnight it seems, businesses had to completely shift their workforce away from “brick and mortar” office buildings to a remote workforce. This likely included your own business.  

Shifting to a mostly remote work layout for employees is no insignificant task.  Generally speaking, under normal circumstances, it might take weeks or months to properly design, build, and POC infrastructure to support a major shift to remote work for the majority of employees.

However, due to the rapid spread of the pandemic, businesses had literally days and not weeks/months to build out infrastructure or put in place solutions that would empower employees to maintain productivity amid shelter in place mandates and directives.

Being forced to react quickly can lead to making mistakes or overlooking important areas of configuration that may lead to security vulnerabilities.  Additionally, businesses may have foregone the extra configuration and provisioning required for additional security measures simply due to the time constraints.  

Legacy remote connectivity technologies  

To quickly support a shift to remote work for employees, businesses may have opted for the often easier to configure and legacy remote connectivity technologies.  What might these types of technologies include?

  • VPN – Virtual Private Network
  • Improperly secured Remote Desktop Session Hosts

VPN is a technology that has been around for decades now.  Many organizations have used it over the years to allow remote workers to have connectivity and access to internal network resources that reside inside the perimeter firewall.

While VPN is a way to get employees connected quickly to the internal corporate environment, it can bring with it many security concerns.  VPN works by creating a tunneled connection from the remote end user client device to the corporate network.  

The end user client device becomes part of the corporate network.  With that said, the client device and potentially any malicious software or security concerns present are now directly connected to the corporate network.  This type of connectivity in most cases is far beyond what is actually needed by the end user.  

An additional concern with VPN is that end users can easily exfiltrate data from the corporate network directly onto their personal machine they are using for connectivity.  This breeds an environment that is ripe for data leak concerns. Often, end users simply need to work with corporate applications.  While VPN can make this possible in many cases, it is not the best connectivity method from a security standpoint.  

Another technology that organizations may have deployed as part of their phase 1 business continuity plan during COVID-19 is Remote Desktop Session Hosts (RDSH).  Remote Desktop is a tried and true technology that allows remote employees to have access to business applications.  It is arguably a more desirable and feasible means to provide access to resources than VPN.  Since the client device accessing internal resources does not become part of the internal network, as is the case with VPN, security concerns on the client device are minimized.

However, Remote Desktop has its own set of cybersecurity issues.  Remote Desktop requires several “moving parts” to ensure it is configured correctly and in a secure fashion.  These include:

  • Remote Desktop Gateway
  • Remote Desktop Session Broker
  • Remote Desktop Session Hosts
  • Properly configured firewall rules

If any of the components of Remote Desktop Session configuration is misconfigured or neglected, attackers can easily capitalize on those missteps to attack your network.  The RDP port 3389 is notoriously insecure and attackers love to find open RDP ports facing the Internet.  

In the haste of standing up Remote Desktop Session Hosts, organizations may have foregone the extra configuration and effort needed to stand up a Remote Desktop Gateway in front of the RDSH servers.  Instead, they may have simply exposed an RDSH server to the Internet.  While this is quick and easy, it is dangerous.  

Attackers often combine attacks against RDP with ransomware.  Several ransomware variants are known to attack and spread through RDP ports.  These include Dharma, SamSam and CrySiS.  Attackers are heavily targeting business environments and RDP often is the quick and easy path into the network of a targeted business.

Employees using BYOD

For many organizations, there may not have been time to procure and provision laptops or other devices to “corporate issue” a device for remote workers.  In many cases, if employees had their own device, including a PC or laptop, they may have since been allowed to use their personal devices for remote connectivity to business resources.

While organizations had to make this call in many cases due to the quickness in which adjustments had to be made, BYOD can open an organization up to all kinds of cybersecurity issues.  Personal devices are not secured and maintained to the same degree and standard as corporate issued devices.  Additionally, they are not bound by the same network and application policies that help to protect corporate resources. 

Personal devices may contain malware, or potentially unwanted programs (PUPs) which can lead to cybersecurity threats targeting the corporate environment.  This is especially the case with VPN connections.  As mentioned, VPN brings the device onto the corporate network.  However, even when VPN connections are not the method used for connectivity, malware can still steal sensitive data, credentials, and lead to data leak when infected personal devices are used for remote connectivity.

Transition to a more secure and efficient solution

We are now months into the COVID-19 pandemic and there is no end in sight for a shift back to an on-premises workforce.  It is crucial that organizations that may have quickly introduced a solution for remote connectivity in their phase 1 transition now re-evaluate the technologies and processes used to empower their remote workers.

We have seen two major breaches disclosed in the past couple of weeks that have happened during the pandemic – Blackbaud and Garmin.  It helps to underscore that cybersecurity threats and risks are continuing despite the current situation.

Organizations must stay vigilant and understand that they cannot take a break from cybersecurity.  This involves continuing to make adjustments to their remote work technologies and now revisiting security vulnerabilities in solutions that were provisioned initially.

What can be done? Below are a few recommendations.

  1. Make a transition away from legacy remote connectivity solutions such as VPN.
  2. If Remote Desktop Session Hosts were initially exposed to the Internet to allow quick and easy access, stand up a RD Gateway for proper RDP over SSL tunneling.  Avoid exposing RDP port TCP 3389 to the Internet at all costs.
  3. If VDI solutions were provisioned, make sure the proper secure architecture is used for access.  In the case of VMware Horizon, this would involve making sure Horizon Connection Servers are behind Unified Access Gateway appliances with proper firewall rules in place.
  4. Revisit using BYOD devices.  If these must be used, use a “Live USB” stick approach that allows employees to boot their devices into a parallel “corporate issue” environment, free from software, applications, and other installations that can introduce risk to the environment.
  5. Use a virtual application delivery platform as a much better and more efficient approach to other types of remote access technologies.

Virtual application delivery provides efficiency and security for Remote Workers

Basically, all of the remote solutions mentioned throughout are generally for the same purpose – to allow remote employees to access the applications needed to carry out business-critical operations. The most efficient way to do this is to provide remote access not to a network, a desktop, or some other environment, but to the application itself.  

Virtual application delivery eliminates the need to provision the unneeded resources required to provide a “desktop environment”, but instead presents the application to the end user in a way that allows them to effectively run processes, reports, save data, interact with data, and carry out normal tasks efficiently.

It drastically reduces the attack surface since the ports and infrastructure needed to provision and provide an entire desktop environment are no longer needed.  In modern implementations, it allows presenting applications from the security of a simple web browser session that is secured and encrypted via an SSL tunnel.  

As you evaluate how to transition away from the initial implementation of your remote work environment to a much more secure, efficient, and modern approach to providing remote connectivity to employees, virtual application delivery should be on the top of the list of tools and technologies considered.    

Wrapping Up

With cybersecurity risks that have elevated during the COVID-19 pandemic, organizations must re-evaluate how end users are able to remotely connect to business-critical resources for productivity.  Initial configurations to empower remote workers may be filled with cybersecurity risks and may need to be revisited.  

Taking a look at longer term and more secure solutions to allow remote workers to connect to your infrastructure will ensure a much more effective security stance during the current remote work situation.  Revisiting the technologies that are being used for remote work is an important step.  Transitioning away from legacy solutions and ensuring that solutions in place are configured correctly and completely for security are extremely important.  

Focusing on the true resources that are needed - applications - is a great way to reduce the footprint needed in terms of infrastructure and allows reducing the attack surface.  Virtual application delivery provides a powerful way to provide access to those resources in a secure and efficient manner.  

Filed Under: Application Virtualization, Virtual Desktops, VDI, Virtual Desktop Infrastructure, Security, Virtual Application Delivery