ICS Remote Access
Many businesses now permit employees to work remotely because of the rapid development of cloud technology and the ubiquitous availability of broadband internet. After all, being able to work from anywhere increases flexibility and productivity. For the IT professionals who must set up the infrastructure to accommodate remote work, things are less pleasant. Other significant projects, including crucial security-related ones, are being put on hold while they work to ensure uninterrupted access to services and applications. Cybercriminals are stepping up their attacks as they realize that businesses are more exposed than ever.
Checklist 1: Ensure the security of your remote configuration.
Here are some helpful hints for making your infrastructure as secure as possible, regardless of how far along you are in building it out to allow remote office work:
- Use managed devices whenever possible. For each machine that joins your network:
  - Enable full-disk encryption using FileVault on macOS and BitLocker on Windows.
  - Set up a firewall and antivirus protection.
  - Verify that the vendor still supports all operating systems and other software.
  - Ensure that all essential updates are installed and that all operating systems and other applications are current.
  - Implement a strong password policy, turn off auto-login, and enable auto-lock.
  - Enable remote lock/wipe and "find my device" features.
- If you can't use managed devices, distribute an information security handbook to all staff members outlining the security precautions required and advised for remote workers.
- Consistently provide your staff with security awareness training.
- Use a Virtual Private Network (VPN) to secure access to the company network. Because remote users may connect over public Wi-Fi networks, SSH is advised for securing application access as well.
- To prevent unwanted access to cloud services and VPN accounts, if at all possible, employ two-factor authentication.
- Steer clear of the Remote Desktop Protocol (RDP). If you must use RDP:
  - Do not expose RDP to the internet. Every RDP session must pass over a secure connection.
  - Do not allow direct RDP connections. If users need desktop access, force RDP sessions through a Remote Desktop Gateway (ideally placed in a DMZ).
  - Limit RDP access to a whitelist of users and servers.
- Avoid using standard port numbers when configuring remote connections.
- Limit remote access to a whitelist of trusted IP addresses, if at all practicable.
- To prevent unwanted access, whenever possible, disable the "everyone" and "anonymous" permissions.
- Establish a stringent security policy for outside contractors using your network.
Checklist 2: Reducing the threat posed by your increased attack surface
Your environment will become more secure as a result of the actions in the previous checklist, but your attack surface is still bigger than ever. Use the following recommendations to further enhance risk management:
- Follow fundamental housekeeping best practices. In particular:
  - Identify all inactive and unused accounts, then disable or delete them.
  - Review all permissions and remove unwanted or excessive ones, especially remote access permissions.
  - Reduce the number of privileged accounts.
  - Review and rework the Active Directory delegation model.
  - Disable or remove unnecessary network services.
  - Tighten your Group Policy settings.
- Make sure your password policy is set up properly. Check the length and complexity requirements, aiming for passwords that are easy for users to remember but hard for attackers to guess.
- Implement an account lockout policy so that attackers cannot get into your internal network by guessing a user's password. However, do not set the number of failed attempts before lockout so low that legitimate users, who will inevitably mistype their password now and then, get locked out and lose productivity.
- For access control across your infrastructure, use Azure AD groups and Active Directory. Check your groups and group membership frequently to make sure nobody has been given excessive permissions.
- Check that NTFS permissions and permissions on shared resources such as Teams, OneDrive for Business, SharePoint, and SharePoint Online follow the principle of least privilege.
- Follow auditing best practices in these areas:
  - Configuration auditing – Check that all crucial resources are configured in accordance with your security baseline, and review every configuration change for mistakes and malicious activity.
  - Access auditing – Keep track of VPN logins as well as logons to on-premises and cloud resources.
  - Activity auditing – Track user activity in the cloud applications that support remote workers, such as Teams, OneDrive for Business, and SharePoint Online, particularly activity involving sensitive data. Watch for permission changes and unexpected group memberships, which can indicate privilege escalation. Also watch for spikes in unusual activity on your network ports and VPN connections; in particular, port scans and repeated failed login attempts may indicate password-spray or brute-force attacks.
- Conduct a security risk assessment across the entire enterprise. Pay special attention to your remote services.
- Document your policies and make them available to everyone who has access to your IT environment.
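The housekeeping items in Checklist 2 (find inactive and unused accounts, reduce privileged accounts, review remote access permissions) are easiest to act on from an export of the directory. The following script is an added example, not part of the original checklist: it reads a constructed CSV export, flags enabled accounts that have never logged on or have been idle past a limit, and cross-references them with sensitive group membership so that stale privileged or remote-capable accounts are dealt with first. The column names, the `SENSITIVE_GROUPS` set and the sample rows are assumptions made for this example, not a real directory export.

```python
"""Review an exported account list for stale and privileged accounts.

Added example for the housekeeping checklist items; not part of the original
page. The CSV layout, column names and SENSITIVE_GROUPS are assumptions, and
the rows below are constructed sample data, not a real directory export.
"""
import csv
import io
from datetime import date

# Constructed sample export: one row per account. An empty lastLogonDate
# means the account has never logged on.
SAMPLE_EXPORT = """\
sAMAccountName,enabled,lastLogonDate,memberOf
alice,True,2024-04-28,Domain Users
bob,True,2023-11-02,Domain Users;Domain Admins
svc-backup,True,,Domain Users;Backup Operators
carol,False,2022-01-15,Domain Users
dave,True,2024-03-01,Domain Users;Remote Desktop Users
"""

# Date the review is run against (fixed so the sample is reproducible).
REVIEW_DATE = date(2024, 5, 1)

# Groups whose membership grants elevated or remote-access rights (assumed set).
SENSITIVE_GROUPS = {"Domain Admins", "Backup Operators", "Remote Desktop Users"}


def load_accounts(csv_text):
    """Parse the export into dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        last = row["lastLogonDate"].strip()
        accounts.append({
            "name": row["sAMAccountName"],
            "enabled": row["enabled"].strip().lower() == "true",
            "last_logon": date.fromisoformat(last) if last else None,
            "groups": {g.strip() for g in row["memberOf"].split(";") if g.strip()},
        })
    return accounts


def find_inactive(accounts, as_of, max_idle_days=90):
    """Enabled accounts that never logged on or have been idle past the limit.

    Disabled accounts are skipped: they are already neutralised and only need
    deleting once the retention period has passed.
    """
    names = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        last = acct["last_logon"]
        if last is None or (as_of - last).days > max_idle_days:
            names.append(acct["name"])
    return sorted(names)


def find_sensitive_members(accounts, sensitive_groups=SENSITIVE_GROUPS):
    """Map account name -> sorted list of sensitive groups it belongs to."""
    return {a["name"]: sorted(a["groups"] & sensitive_groups)
            for a in accounts if a["groups"] & sensitive_groups}


def review(csv_text, as_of=REVIEW_DATE, max_idle_days=90):
    """Return all inactive accounts plus the subset that is also privileged
    or remote-capable, which is the subset to act on first."""
    accounts = load_accounts(csv_text)
    inactive = set(find_inactive(accounts, as_of, max_idle_days))
    sensitive = find_sensitive_members(accounts)
    return {
        "inactive": sorted(inactive),
        "inactive_sensitive": {n: g for n, g in sensitive.items() if n in inactive},
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_EXPORT).items():
        print(key, value)
```

Never-logged-on accounts are treated as inactive rather than ignored; service accounts that were created and forgotten are a common example. Accounts that are already disabled are left out of the inactive list so that the report only shows accounts that still need a decision.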
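Two items in Checklist 2 belong together: the account lockout policy, and the auditing advice to watch failed login attempts for password-spray and brute-force patterns. A lockout threshold stops a brute-force attack on one account, but a password spray deliberately stays below that threshold on every account, so it has to be detected across accounts rather than per account. The following detector is an added example, not code from the original page: it parses constructed, simplified failed-logon records (modelled loosely on Windows event 4625 / VPN authentication failures; the field names and the sample IP addresses are assumptions for this example) and reports both patterns with separate rules.

```python
"""Flag brute-force and password-spray patterns in failed-logon records.

Added example for the lockout-policy and auditing checklist items; not part
of the original page. The log format is a constructed simplification of
Windows event 4625 / VPN auth failures; the field names are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: 203.0.113.5 hammers one account (brute force),
# 198.51.100.7 tries each of six accounts once (password spray, every account
# stays under a typical lockout threshold), and two users mistype a password.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:00:04Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:00:07Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:00:10Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:00:13Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:00:16Z EventID=4625 TargetUser=alice SourceIP=203.0.113.5
2024-05-01T08:02:00Z EventID=4625 TargetUser=bob SourceIP=10.0.0.12
2024-05-01T08:02:09Z EventID=4624 TargetUser=bob SourceIP=10.0.0.12
2024-05-01T08:10:00Z EventID=4625 TargetUser=alice SourceIP=198.51.100.7
2024-05-01T08:10:30Z EventID=4625 TargetUser=bob SourceIP=198.51.100.7
2024-05-01T08:11:00Z EventID=4625 TargetUser=carol SourceIP=198.51.100.7
2024-05-01T08:11:30Z EventID=4625 TargetUser=dave SourceIP=198.51.100.7
2024-05-01T08:12:00Z EventID=4625 TargetUser=erin SourceIP=198.51.100.7
2024-05-01T08:12:30Z EventID=4625 TargetUser=frank SourceIP=198.51.100.7
2024-05-01T08:30:00Z EventID=4625 TargetUser=carol SourceIP=10.0.0.33
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUser=(?P<user>\S+) SourceIP=(?P<src>\S+)$"
)


def parse_events(text):
    """Return failed-logon events (EventID 4625) as sorted (ts, user, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["eid"] != "4625":
            continue  # skip malformed lines and successful logons (4624)
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["user"], m["src"]))
    events.sort()
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """(src, user) pairs with at least `threshold` failures inside any `window`.

    This is the pattern a per-account lockout policy also catches; the
    threshold here should sit at or below the lockout threshold so the
    alert fires even when lockout does.
    """
    by_pair = defaultdict(list)
    for ts, user, src in events:
        by_pair[(src, user)].append(ts)
    flagged = set()
    for pair, stamps in by_pair.items():
        stamps.sort()
        j = 0
        for i, start in enumerate(stamps):
            # advance j to the first timestamp outside [start, start + window]
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            if j - i >= threshold:
                flagged.add(pair)
                break
    return sorted(flagged)


def detect_password_spray(events, min_accounts=5, max_per_account=3,
                          window=timedelta(minutes=30)):
    """Sources that fail against at least `min_accounts` distinct accounts in a
    window while keeping each account at or below `max_per_account` failures.

    The per-account cap is the point: a spray stays under the lockout
    threshold on purpose, so per-account lockout never triggers.
    """
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    flagged = set()
    for src, items in by_src.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            in_window = Counter(u for ts, u in items[i:] if ts - start <= window)
            if len(in_window) >= min_accounts and max(in_window.values()) <= max_per_account:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute force:", detect_brute_force(evs))
    print("password spray:", detect_password_spray(evs))
```

The two ordinary typos (one failure each from internal addresses) trigger neither rule, which is the balance the lockout item asks for: thresholds low enough to catch an attacker, high enough not to punish a user who mistypes once. In practice the window and threshold values are tuned to the environment's real failure rate rather than taken from this example.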