Many companies have been forced to enable users remote access through a VPN connection to connect from their personal computers to the corporate network. But there are some problems in ensuring secure network access. Therefore, we must take measures to maintain security and protect the most sensitive data.
Problems for a Secure VPN Connection
With the alarm condition resulting from COVID-19, many companies have been forced to enable remote access via VPN to their network so that users can work remotely. Through a VPN connection and access via RDP or remote desktop, users have been able to connect from their personal computers to the corporate network to work remotely.
Ideally, this connection should be made from a corporate laptop, but this is not available to all companies. The fact that the equipment from which the connection is made via VPN is personal means that IT teams face additional difficulties and challenges in ensuring secure access to the network. Some of them are the following:
- It is difficult to secure the user’s remote or personal computer. There are no administrator privileges on it, so it is not possible to manage the installed software, security level of the computer, etc.
- Antivirus can be installed at the individual level, but not an antivirus or an EDR (EndPoint Detection and Response) managed by the company to control alarms, possible threats, etc. We can improve the security of this remote computer, but the defenses against malware will be lower than those of a corporate computer.
- We cannot or feel it’s complicated control the patch level of the personal computer, so there is no guarantee that it is safe from certain known vulnerabilities.
- Personal computers are usually used by several people in the family: Apart from working, another family member may use the computer to surf and access websites for leisure, with the risk that this may entail.
Risks and Threats using VPN Connections
During this stage of forced remote work, we have seen that the attacks have not ceased. Moreover, the attackers have taken advantage of this state of alert caused by COVID-19 to launch new phishing campaigns and other types of attacks. Even though we protect the connection to the corporate network with a VPN, our employees can be subjected to different types of attacks.
We must also bear in mind that VPNs were not designed for a “Cloud First, Mobile First” environment. They were designed at a time when the infrastructure was primarily on-premise and security was based on performing controls over the network perimeter.
Organizations today have a mix of on-premise infrastructure environments with hybrid public/private cloud environments. There are different layers and scenarios of IT infrastructure, and these layers increase the possible attack vectors when giving VPN users access to the corporate network.
By giving external access to the company’s systems from a device with lower security guarantees than a corporate team, the possibility of critical data leaking from the organization is increasing. It must be taken into account that a VPN access is a direct entry into the corporate network, bypassing perimeter defenses.
In the past, many of the information leaks have been due to remote access by partners to corporate equipment. The company may have certain standards and levels of security, but it is difficult to manage the security levels of certain subcontractors or external partners with whom it is working. This problem, as we say, has been the origin of sensitive information leaks in the past, but now we are in a situation where not only a supplier connects to the corporate network from a computer whose security we do not control, but this has now extended to all employees of the organization.
Security Measures for Connections through VPN
The biggest challenge therefore is trying to ensure that the user and the machine being connected are not compromised. Some of the measures that organizations are taking with this objective are:
- Enable MFA (Multi-Factor Authentication) for VPN accounts so that we control that the person connecting is the one we have given permission for and not an attacker.
- Patch the VPN servers, to prevent them from being free of known vulnerabilities and minimize the possibility of attacking them.
- Perform a more thorough control of privileged accounts, to ensure that users can access their computers, but do not take control over other network resources by mistake.
- Install antivirus that, although they are not used, allow to raise the level of security of the personal equipment.
However, we must not forget what the objective of a possible attacker is and the reason why we implemented this series of measures: The ultimate goal pursued by an attacker is access to our information, to the most sensitive documentation, from which he can take advantage in many ways. E.g. by extorting threats that it will be published and made accessible to everyone, selling it for profit, blocking access to it and demanding a “ransom” for it.
This information is on our file servers which users access via VPN, but it may also be on the personal computers of users who have copied it to work offline from the VPN, etc.
Protecting information in a remote VPN access environment with SealPath
In previous articles we have shown how SealPath can protect information in an environment where users, when teleworking, access corporate documentation stored on Cloud systems, or how to protect information when using collaborative work tools such as Microsoft Teams or Slack.
How can SealPath help protect the sensitive information we manage in a remote network access environment via VPN?
- First, SealPath for File Servers automatically protects documentation stored on file servers in addition to other document managers and cloud applications: When users copy or move documentation to shared network folders after accessing them via VPN, this documentation is automatically protected.
- If you extract or copy protected documentation from these folders to your computers or send it via email, the documentation will be under the control of the company: A user can have permissions to access it, modify it, but not to unprotect it. That is, we will have the protected documentation at rest, in transit and in use, when the user works on it.
- The company will have a complete audit of access to documentation. Many times it is complicated to monitor the connections that are being made from the outside via VPN, but we will have an audit of who is accessing, when, etc. to the sensitive corporate data.
- The administrator may make certain sensitive information inaccessible from external computers or subnetworks. That is, we can make specific confidential documents accessible only from inside the network, but not if we have copied them to our personal computers. It may make sense to copy or work with other documents from the personal computer, but we may want to limit more sensitive documents from being accessed from outside the network.
- Once the teleworking stage is over, we will have the possibility to “remotely destroy” sensitive documentation that may have been scattered on personal equipment. With SealPath, the administrator has the ability to revoke access to certain documents or users.
SealPath makes it possible to keep documentation encrypted and under control anywhere and in a way that is easy for users. It gives administrators a lot of flexibility to configure protection policies and certain controls to ensure that sensitive business information is under control.
In the following Webinar, you can see SealPath in action securing information in a remote work environment through VPN access.
At SealPath we can help you increase the level of security and control over sensitive corporate documentation in a remote work environment. Do not hesitate to contact us contact us and a specialist will advise and help you so that you can have your sensitive information protected and under control wherever you are.
