Safe remote work during the coronavirus pandemic - part 1

With the spread of the coronavirus in Iran and around the world and the growing threat to people's health, the business world has changed considerably in the last few weeks. The disease has caused widespread fear, created problems for most businesses, and led many organizations and companies to close or seriously reduce their activities. Many employers have voluntarily decided to switch to remote work to slow the spread of the virus and control the disease while keeping their organizations running. Working from home has countless advantages, but it also has weaknesses, and being aware of them helps employees perform their tasks as well as possible. Information security under remote working conditions is one of the biggest concerns of organizations. Therefore, as part of its awareness-raising mission, the APA Specialized Center of Razi University has provided the following security tips to minimize possible threats in remote working conditions.

 

Advice to network managers and organizations

RDP hardening solution

Given the widespread use of RDP for remote work, this service must be secured. The following measures can greatly reduce the destructive effects of attacks and your organization's exposure to RDP-related attacks:

  • Perform regular and rigorous data backups, and test the backup copies after each backup.
  • Use secure communication with the internal network through VPN tunnels.
  • Regularly update the operating system and application software.
  • Use reliable antivirus software and update it continuously.
  • Do not use an admin-level user (Administrator) for remote access; define authorized users with specified and limited access.
  • Apply appropriate policies: complex passwords with a length of at least 8 characters, periodic password changes and multi-step login mechanisms.
  • Configure the servers with a limit on the number of unsuccessful login attempts. The procedure differs between operating systems; it is very simple but effective, and it prevents many dictionary-based and password-stealing attacks from succeeding.
  • Use a firewall with maximally restrictive rules, so that all communications are blocked and only authorized services are allowed access.
  • Use reporting software to review events such as users logging in and out over remote connections.
  • Be doubly careful when entering the username and password for remote access, especially when connecting from other people's computers. Keyloggers and trojans of all kinds can let attackers access servers by secretly stealing typed information.
  • Restrict remote access to specific IP addresses only.
  • Do not download or use files attached to emails from invalid and unknown addresses.
  • Change the default port.
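Several items in the list above (a limit on failed logins, reporting on remote logins, IP restriction, no Administrator account for remote access) can be checked against the server's logon events. The following is an added example, not part of the original advisory; the CSV layout, the allowlisted range, the thresholds and every log row are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: CSV export of Windows Security logon events.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """time,event_id,logon_type,user,source_ip
2020-03-20T08:00:01,4625,10,administrator,198.51.100.7
2020-03-20T08:00:05,4625,10,admin,198.51.100.7
2020-03-20T08:00:09,4625,10,sara,198.51.100.7
2020-03-20T08:00:12,4625,10,administrator,198.51.100.7
2020-03-20T08:00:15,4625,10,test,198.51.100.7
2020-03-20T08:30:40,4624,10,sara,203.0.113.20
2020-03-20T09:10:00,4624,10,Administrator,203.0.113.21
2020-03-20T09:15:00,4624,10,reza,192.0.2.50
2020-03-20T09:20:00,4624,2,reza,-
"""

ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed office/VPN range
MAX_FAILURES, WINDOW = 5, timedelta(minutes=10)          # assumed lockout policy

def review_rdp_logons(log_text):
    """Return (kind, user, source_ip) findings for Remote Desktop logon events."""
    findings, recent = [], defaultdict(deque)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] != "10":
            continue  # only Remote Desktop sessions are reviewed
        when = datetime.fromisoformat(row["time"])
        user, src = row["user"], row["source_ip"]
        if row["event_id"] == "4625":
            q = recent[src]
            q.append(when)
            while when - q[0] > WINDOW:
                q.popleft()  # forget failures older than the window
            if len(q) == MAX_FAILURES:
                findings.append(("brute-force", user, src))
        elif row["event_id"] == "4624":
            ip = ipaddress.ip_address(src)
            if not any(ip in net for net in ALLOWED_NETS):
                findings.append(("outside-allowlist", user, src))
            if user.lower() == "administrator":
                findings.append(("admin-remote-logon", user, src))
    return findings

if __name__ == "__main__":
    for finding in review_rdp_logons(SAMPLE_LOG):
        print(*finding)
```

With Network Level Authentication enabled, failed RDP logons are usually recorded with logon type 3 rather than 10, so the filter should be widened accordingly.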

Authentication & Authorization

  • Multi-factor identity verification of remote employees
  • Issuing access permits to the organization's servers for each remote user
  • Defining the access time and expiration date of the user account
  • Separation of user duties by granting permissions based on role or realm
  • Checking the health of the remote user's system


Access & Policy Enforcement

  • Unauthorized traffic filtering
  • Access control at the level of various organizational services
  • Centralized policy making and configuration


Connectivity & Management

  • Ensuring the confidentiality and integrity of communication traffic
  • Using the password algorithm
  • Connection based on need and on demand


Privileged users under the magnifier

  • Event logging
  • Tracking user activities


Providing secure collaboration tools for remote workers

Without the right remote work tools, employees fall back on other methods of communication, some of which may not be reliable. For example, a Google Docs document whose access is set incorrectly can be indexed by a search engine and become the source of an organizational data leak. The same thing can happen to data in cloud storage. A collaborative environment like Slack can also lead to data leaks, where someone could accidentally gain access to the entire history of files and messages. In this situation, choosing a collaborative environment that suits you in terms of security and functionality is up to the user. Ideally, however, registration should require the corporate email address. If necessary, an administrator should also be appointed to deal with these issues. More important still is holding an awareness meeting before allowing employees to work remotely (the meeting itself can be held remotely). This meeting can emphasize that employees must use only the collaboration system adopted by the company, and that they will be held responsible if confidential information is disclosed.

One of the most common software applications for virtual education and online meetings is Adobe Connect. Unfortunately, in most of the monitored systems it has been observed that the system is available without defining a user or requiring a password, so that anyone can log in simply by entering the URL of the server and the number of the virtual meeting room or virtual class, which leads to the disclosure of information. Therefore, it is recommended to pay attention to the following points in order to maintain the security of systems based on this software:

- Strictly avoid making the system available without a username and password, and set policies that require a strong password to enter the system. The system administrator can set the necessary security policies for user login and password in Adobe Connect Central. It is also necessary to limit the number of failed login attempts.
- Do not use the guest user.
- Use SSL to protect network traffic, and avoid forcing users to lower their security settings or browser version in order to avoid the need for SSL.
- Do not run other services on the Adobe Connect server: it is recommended to set up the Adobe Connect server separately and not to run other services such as a domain controller, web server or FTP server on the Adobe Connect host machine.
- Update the application and the host operating system and install their security patches.
- Secure the operating system, use a firewall on the host server, close unused ports and limit access to domestic addresses.
- Back up the information and the database properly. Note that the recordings of meetings can contain valuable information and can be used by participants who cannot be online for any reason. Of course, this should be done with proper security measures.
- Periodically review system security and log files to ensure that security policies are in place and to detect any anomalies or attempts to penetrate.

Create VPN access for employees

One way to create a secure communication platform is to implement a VPN service, so that an organization's employees can access its internal network over the Internet. Among the different VPN protocols, such as L2TP and PPTP, the L2TP protocol is recommended to organizations and offices as a standard protocol because of its high security (strong 256-bit encryption) and advantages such as compatibility with all operating systems.

 

Advice to teachers and students

  • Use encrypted communication (https) to communicate with the educational system.
  • Change your default password the first time you log into the system.
  • Make sure necessary security software such as antivirus and firewall are installed and active on your system.
  • Make frequent backup copies of the produced educational content and activities.
  • Ignore emails and messages that are enticing, suspicious or sent by unknown people, and avoid downloading and running attached files and software.
  • Since most professors use cracked software such as SnagIt and BB FlashBack to create educational content, it is recommended to use free and open source alternatives instead of suspicious and malware-infected cracks:
    • ActivePresenter and OBS Studio are free alternatives for screen capture and making educational videos. Moodle is also a good alternative for a learning management system (LMS).
    • If you need to send content in encrypted form, you can use the facilities available in Microsoft software or open source encryption software such as VeraCrypt to increase security.
    • When producing educational content, make sure that no private information is visible in the videos and audio prepared by the teacher, for example by erasing passwords entered during screen recording.

 

Advice to remote employees

Checking the home wireless network

  • Change the default username and password: Change the default username and password of the management console of the modem or wireless access point through the user panel of the device.
  • Change the default wireless network name (SSID): Choose a name that has nothing to do with where you live or your last name.
  • Check the encryption mode: Configure the modem or wireless access point to use the strongest encryption mode (the WEP encryption mode is not secure).
  • Choose a strong password: Choose a strong password for connecting to the network and share it only with trusted people who are going to access the network.

Hardening devices connected to the home network

  • Continuous update: operating systems, browsers and software installed on devices should be updated continuously (it is recommended to use automatic update solutions if possible).
  • Activation of protective features: Features such as firewall, antivirus and anti-ransomware must be active on all computers and devices connected to the network.
  • Two-step authentication: If the software used supports this feature (two-step authentication), it is recommended to activate and use it.
  • Activating the backup function: in case of various problems, regular backup of the information on the computer can help us in data recovery.

Safe remote work

  • If possible, only devices and laptops provided by the organization should be used. Others should not have access to the organizational device.
  • Do not use shared systems (such as children's laptops) to connect to management systems.
  • If you use shared systems at home, make sure that all family members observe security considerations, such as not downloading and installing suspicious software, not visiting malicious websites, and making sure that protective software such as antivirus is active.
  • While working remotely at home, be careful of people around you looking at the system screen (for example, while you are away pouring yourself a cup of tea!).
  • Choosing a PIN code or a biometric (iris or fingerprint) can be an effective way to unlock the screen and protect organizational information.
  • Do not use public wireless networks (such as those in hotels, restaurants and coffee shops) to do organizational work.
  • Under no circumstances use public systems (such as those in libraries) to do organizational work.
  • As soon as you suspect that a device containing organizational information has been hacked, damaged, lost or stolen (even in the middle of the night), immediately discuss the issue with the organization's security team.
  • Do not allow others to connect their devices such as flash drives or mobile phones to your laptop or device containing your organizational information.
     

Created by APA Center of Razi University