Unless you’ve been living under a rock for the last nine months, you should be aware that working conditions have changed immensely in 2020. Companies around the world have moved to remote-first or remote-only working conditions to avoid the potential spread of COVID-19. While this is a smart and necessary precaution to take, and even provides certain benefits, it is crucial for companies to make sure that they are implementing remote working tools securely and appropriately. In this article, we examine some of the common toolsets used for this purpose and how they should and should not be used in an average Small and Mid-Sized Business (SMB) environment.
What is Remote Access Technology?
To begin, it's important that we define what remote access technology means in the context of this article. Remote access technology refers to any IT toolset used to connect to, access, and control devices, resources, and data stored on a local network from a remote geographic location. This is different from using a cloud solution, as it provides access to an on-premises environment rather than being hosted offsite in a shared environment and available via the internet. This makes remote access crucial for businesses of all sizes which have not moved to a cloud-first model, or which require access to on-premises machines or resources. Three of the most common remote access technologies – Remote Desktop Services, Remote Access Software, and Virtual Private Networks – are examined in detail in this article.
What Are Remote Desktop Services?
Remote Desktop Services (RDS), also known as Terminal Services, is one of the most common methods used by SMBs to enable remote work. By using RDS, individuals can remotely connect to an endpoint device or server which supports Remote Desktop Protocol (RDP) via a Terminal Server. The connection can be made over a local network or internet connection and gives the user full access to the tools and software installed on the machine they connect to. This method is frequently used by IT departments to remotely access servers, or to provide easy local software access to multiple employees.
One common business application which is frequently used with RDS is Intuit QuickBooks. Many companies install the application on a central Terminal Server instead of individual computers, allowing multiple users to connect to the software on a remote device via RDS and access the toolset.
Remote Desktop Services and the SMB
Though RDS can be used on a local network to facilitate shared access to devices and resources, it must be reachable over the internet to be an effective remote working tool. However, exposing RDS this way is becoming increasingly risky as the cybersecurity landscape evolves, and it is now one of the most common methods cyber attackers use to identify and breach networks. Terminal servers typically require only a username and password to access and are easily identifiable over the internet, meaning that attackers can more easily use lost or stolen credentials to gain access to the system. Additionally, RDS has several unique vulnerabilities which can allow an attacker to bypass the login system altogether.
The workaround to use RDS securely over the web requires using an additional dedicated server – often called a Remote Desktop (RD) Gateway – to broker the connection. RD Gateways use a tunneling protocol to send private, secure communications over a public network like the internet, making the process of using RDS over the internet much more reliable. This type of solution is ideal for larger organizations which have multiple Terminal Servers and can tolerate the relatively high cost of the additional server, but it can often be cost-prohibitive for SMBs with leaner infrastructure.
What Is Remote Access Software?
Remote Access Software offers an alternative to RDS and leverages dedicated software to remotely connect users to an endpoint device from anywhere in the world via the internet. This method of remote access is typically the easiest to implement, as it only requires the user to install the software on the computer to be accessed. This type of remote access is especially useful when most of the organization’s endpoint devices are desktops.
Remote Access Software and the SMB
Many SMBs opt to use Remote Access Software to get a secure, RDS-like experience on computers that are already in the office. While an attractive solution, this can prove more expensive and intricate to manage with several users compared to alternatives. All workstations must remain powered on for users to connect to them, which can lead to increased power consumption and discourage regular rebooting of systems. Remote Access Software also adds a layer of complexity to patching strategies, as the software can be exploited to provide a hacker with unauthorized access to the network if not properly updated. Some Remote Access Software vendors offer automatic updates, which are highly encouraged for any business planning to leverage this technology.
What Is a Virtual Private Network?
A Virtual Private Network (VPN) is a technology which creates a smaller, private network on top of a larger public network – most commonly the internet. By logging into the VPN, users can gain internet-based access to applications that would otherwise only work on local networks. The goal of any client-based VPN solution is to provide remote employees with the same level of access as onsite. However, this is functionally different from an RDS session, as it does not allow full access to an entire desktop, but only specific applications, software, and other resources which the user has been given access to.
Virtual Private Networks and the SMB
Organizations of all sizes frequently use VPN technology to securely access remote resources from multiple locations. Unlike RDS, VPN connectivity does not require additional dedicated hardware to function securely over the internet and is designed to be particularly secure. Most VPN connections are encrypted using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to ensure that the data cannot be read by malicious third parties.
Most SMBs use their existing firewall to provide VPN connectivity, as many firewalls contain a VPN server and client. While this solution offers a relatively inexpensive method of connecting a remote machine to a central location, it also comes with security challenges. VPN connections essentially allow endpoint devices to remotely enter the central environment, meaning that devices which are not configured to the same security standards as the rest of the central network can present security risks. Therefore, VPN is an ideal solution for organizations which provide end-users with laptops controlled by the business and configured according to organizational standards.
Organizations of all sizes must take all possible precautions to prevent malicious parties from accessing corporate resources and networks. To do so, practicing basic password security to control authentication for all users on corporate resources is an important first step. Basic password security guidelines include:
- At least eight characters
- Longer is better
- Add complex symbols
- Change at least every 90 days
In addition to the guidelines described above, additional authentication methods are strongly encouraged. Check out our recent article on multi-factor authentication systems for more information and recommendations.
Setting Access Limits
It is up to each individual organization to determine which users can access which resources remotely and for how long. However, it is unlikely that any organization will find all employees requiring the same level of access, and many common compliance regulations specifically prohibit this. Many common professional tools and applications such as email, Microsoft Office Suite, and major line of business applications are now cloud-based and accessible via the web, reducing organizations’ dependence on remote network access solutions like those outlined above. Similarly, many modern file sharing/storage platforms like SharePoint, OneDrive, and Egnyte provide users with secure access to personal and shared files over the internet, eliminating the need to remotely access an on-premises file server.
For organizations whose employees do require remote access to the network, it is crucial to ensure that all access permissions are properly evaluated before being assigned and properly documented once given. It's as simple as logging who is permitted to access remotely, using what method, and for how long.
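One way to keep and review such a record, shown as an added example that is not part of the original article: a small register of who, which method, and until when, checked against the points raised above about RDS without an RD Gateway and VPN from devices the business does not control. The column names, method labels, and sample entries are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample register (not real data). Columns and labels are
# assumptions: who may connect remotely, by which method, from what
# kind of device, and until when.
SAMPLE_REGISTER = """user,method,device,granted,expires
alice,vpn,company-laptop,2020-09-01,2021-03-01
bob,rds-direct,home-pc,2020-04-15,
carol,rds-gateway,company-laptop,2020-06-01,2020-10-31
dave,vpn,home-pc,2020-11-01,2021-02-01
erin,remote-access-software,office-desktop,2020-10-01,2021-01-15
"""


def audit_register(text, today):
    """Return (user, finding) pairs for register entries that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        user, method = row["user"], row["method"]
        # "For how long": every grant needs an end date that has not passed.
        if not row["expires"]:
            findings.append((user, "no end date recorded"))
        elif date.fromisoformat(row["expires"]) < today:
            findings.append((user, "access expired, revoke or renew"))
        # "Using what method": RDS reached directly over the internet
        # instead of through an RD Gateway.
        if method == "rds-direct":
            findings.append((user, "RDS exposed without an RD Gateway"))
        # VPN places the remote device inside the central network, so it
        # should be a business-controlled machine.
        if method == "vpn" and row["device"] != "company-laptop":
            findings.append((user, "VPN from a device not managed by the business"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_register(SAMPLE_REGISTER, date(2020, 12, 1)):
        print(f"{user}: {finding}")
```

Running the review on a schedule, rather than only when access is granted, is what catches entries that have quietly outlived their end date.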
Now more than ever, organizations of all sizes are turning to remote access technology to ensure business operations can continue, even when access to a physical office is limited or impossible. Increasing access to your network for your employees comes with the risk of unauthorized access by cyber-miscreants who may use this as an opportunity to gain access or infect you with ransomware. However, by taking the correct precautions and selecting the right remote access solutions for their specific needs, organizations can minimize their risk while maximizing their ability to work effectively in remote-only or remote-first conditions.