What should be watched when the office network is accessed remotely
The current world situation forces many people to work remotely, e.g. from home. While this is the safest approach to reducing possible health risks, information security risks and challenges appear in the wake of the trend.
Working remotely can be tricky, especially when it comes to the work of a network and/or system administrator. What's worse, the administrator's access must not be interrupted, since losing it puts the entire setup at stake. What should be paid attention to in such a situation?
In a normal situation, there is usually enough network speed available for all business activity within the intranet.
However, when most staff switch to working remotely, network speed at the intranet gateway can become a bottleneck. To prevent that, traffic monitoring can reveal whether the Internet connection(s) can handle peak remote activity without reducing network speed to a crawl.
Tip #1: if the office network has several Internet connections, it is useful to reserve one of them, or most of its capacity, solely for the administrator's access; otherwise, it may not be possible to adjust the network configuration efficiently.
Tip #2: if business processes include network exchange between internal services (e.g. some intranet services communicating with other services within the same intranet), avoid passing that traffic through the external connection. For example, if a service expects to communicate with a database located in the intranet, it would be unreasonable to run the service from outside, since the database traffic would also pass in both directions, wasting precious bandwidth. Instead, use an SSH or Remote Desktop connection and run the service from within the intranet (as expected).
When an employee connects to the intranet from outside, it opens a possible security breach, widening the security perimeter and requiring constant attention.
Apart from new threats (an external system connecting to the intranet may well be infected with malware, and intranet services should be well guarded against these new dangers), remote access also requires enforcing access control.
Tip #3: with sensitive data crossing the intranet border, it may be next to impossible to efficiently trace its movement and/or prevent undesirable access to it. Thus, one should make sure that HIDS (host-based intrusion detection systems, such as Snort) are available and monitor internal traffic for possible anomalies.
Similarly, Syslog-like monitoring may be enabled to detect unwanted access attempts and/or suspicious firewall-blocked activity.
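As an added illustration of such Syslog-based monitoring (this example is not part of the original article), the Python sketch below counts failed SSH logins and firewall-blocked packets per source address and reports the sources that reach a threshold. The log lines are constructed samples in simplified sshd and UFW formats, and the thresholds and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (simplified sshd and UFW/netfilter syslog formats).
SAMPLE_LOG = """\
Mar 30 09:12:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 30 09:12:03 gw sshd[2211]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar 30 09:12:05 gw sshd[2214]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar 30 09:13:40 gw sshd[2290]: Accepted publickey for alice from 198.51.100.20 port 51500 ssh2
Mar 30 09:14:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.55 DST=10.0.0.5 PROTO=TCP SPT=44321 DPT=3389
Mar 30 09:14:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.55 DST=10.0.0.5 PROTO=TCP SPT=44322 DPT=445
Mar 30 09:15:10 gw sshd[2301]: Failed password for bob from 198.51.100.20 port 51620 ssh2
"""

FAILED_SSH = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
FW_BLOCK = re.compile(r"\[UFW BLOCK\].*?\bSRC=(\S+).*?\bDPT=(\d+)")

def summarize(log_text):
    """Count failed SSH logins and firewall blocks per source address."""
    failed, blocked, ports = Counter(), Counter(), {}
    for line in log_text.splitlines():
        m = FAILED_SSH.search(line)
        if m:
            failed[m.group(1)] += 1
            continue
        m = FW_BLOCK.search(line)
        if m:
            blocked[m.group(1)] += 1
            # Remember which destination ports the source was probing.
            ports.setdefault(m.group(1), set()).add(int(m.group(2)))
    return failed, blocked, ports

def alerts(log_text, max_failed=3, max_blocked=2):
    """Return sorted (source, reason) pairs for sources at or over a threshold.

    The default thresholds are illustrative assumptions, not recommendations.
    """
    failed, blocked, ports = summarize(log_text)
    out = [(ip, f"{n} failed SSH logins") for ip, n in failed.items() if n >= max_failed]
    out += [(ip, f"{n} blocked packets to ports {sorted(ports[ip])}")
            for ip, n in blocked.items() if n >= max_blocked]
    return sorted(out)

if __name__ == "__main__":
    for ip, reason in alerts(SAMPLE_LOG):
        print(f"ALERT {ip}: {reason}")
```

A single failed login from an address that also logs in successfully (198.51.100.20 in the sample) stays below the threshold and is not reported.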
Tip #4: with security-related problems coming in numbers, it is mandatory to make sure not only that services are running with all the latest security updates applied, but also that backups of all critical data and services are made on a regular basis.
Depending on one’s company specifics, one’s mileage can vary. There can be many other concerns, apart from those already mentioned, but almost all of them are related either to availability of resources, or to their capacity.
If you administer your own intranet, feel free to share with us your situation and your specific concerns, or leave us a comment below.