5 tips for secure remote management

23. August, 2021

Every chain is only as strong as its weakest link: attackers only need to find a single vulnerability. At the same time, the “defenders” must have an overview of an often heterogeneous overall system and secure it equally well. Cyber criminals have been exploiting this starting advantage since the turn of the year 2021: instead of finding individual vulnerabilities at individual companies, widespread monitoring and remote access tools are misused for infiltrations over as large an area as possible.

The Solarwinds incident, in which an update unknowingly distributed hacked code, affected an estimated 20,000 organizations. [1] The underlying strategy has since been adapted for ransomware distribution. As a “means of transport” and possible gateway directly in July, a vulnerability in the “Kaseya” software was exploited to infect thousands of systems. [2]

Intentional backdoors into the corporate network?

Be it the Covid-19 pandemic, the increasing trend towards home offices or the often indispensable external access to special systems: While firewalls & Co. are in use to prevent external access, remote access tools are supposed to “simply” enable it again.

These channels must be well monitored and documented. In the worst case, they leverage the entire IT security. A prominent example was the incident at a waterworks in Florida in February 2021, which took place via insecurely executed TeamViewer access.  [3]

5 tips for secure remote access

The following examples offer some initial pointers for improving cyber security for remote maintenance:

  • Inventory & documentation of all external accesses
    Small maintenance tools can become uncontrolled permanent solutions that escape the security radar. All such solutions must therefore be documented and made controllable. Inform employees that these accesses involve risks and require high responsibility.
  • Secure protocols, up-to-date encryption and regular updates
    Insecure access points can transmit internal data and account information unencrypted and thus make highly confidential information accessible to third parties. Only up-to-date, secure software solutions may be used for remote maintenance. Regular updates are an essential requirement.
  • Specific user accounts & 2-factor authentication
    A common major vulnerability is the use of shared passwords and known remote management access. Shared general access is nearly impossible to control. The use of 2FA for every user is a must, especially when integrating external employees who are not under the company’s direct control.
  • Principle of least privilege & need to know
    Each remote maintenance account should allow access only to the critical systems required to perform the activity. Deviations can thus be detected more quickly, and possible propagations can be prevented more efficiently. Essential systems should only be accessible via additional jump servers.
  • Monitoring & Logging
    Complete monitoring of external access helps to detect irregularities more quickly and efficiently. Failed attempts at individual access should be actively monitored and lead to a blocking of the accounts.
    Securing remote management tools requires the highest priority.

Complete monitoring of external access helps to detect irregularities faster and to detect them more efficiently. Failure of individual accesses should be actively monitored and lead to a blocking of the accounts.

You want a holistic security concept and technical protection measures against ransomware attacks? We are happy to advise you sales@ikarus.at or phone +43 1 58995-500! 

Worth reading:

Behavioural analytics, anomaly detection and visibility: additional protection against ransomware

Sources:

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download