获取对工程师的冠状病毒影响的最新更新。Click Here
网络安全

Secure remote access to survive and thrive

安全远程访问(SRA)被用来帮助企业生存和COVID-19大流行期间发展起来的,但也有一些新的挑战需要加以考虑。请参阅第10种远程访问的最佳做法。

By John Almlof July 21, 2020
Courtesy: Chris Vavra, CFE Media

作为世界期间和大流行后搞清楚了,有一两件事是肯定的 - 远程工作是在这里留下来。幸运的是,技术可以提供,以确保操作访问所需的可视性,无论员工是在办公室还是在家里工作。虽然这种灵活性还没有那么容易过去拥抱,安全远程访问(SRA)现在被广泛用于帮助企业生存和发展。

举个例子,一个70岁的工厂工程师谁被认为是高风险由于医疗条件和需要自我隔离。他工作的公司必须提供只是为了他的安全远程访问,这样他就可以得到“内部”他们的设备来管理他们的关键资产。

面临的挑战是通过让关键业务资产的远程访问,公司显著扩大了攻击面。在根据上述NordVPN研究其实,员工的6亚洲必赢2%,现在是容易受到网络攻击,这要归功于在COVID-19大流行使用的个人电脑进行远程工作。

另一项调查发现COVID-19相关的钓鱼邮件都在上升,与许多不同的嵌入恶意株作为附件。AgentTesla(45%),NetWire(30%),和LokiBot(8%)是最积极开拓恶意软件家族,在说新加坡集团-IB的计算机紧急响应小组的(CERT-GIB)的研究人员。亚洲必赢With some minor differences, the goal of all these malware samples is to harvest user credentials from browsers, mail clients and file transfer protocol (FTP) clients, as well as capture screenshots, and secretly track user behavior and send it to cybercriminals’ command and control centers.

Loss of control

“One of the things that’s changed is that a corporation no longer has control over the infrastructure its employees are using for work,” said Pam Johnson, vice president of customer experience at Dallas-TX-based solution provider, TDi Technologies. “For example, they’re using personal computers to access the business network. They’re using unsecured WiFi to access operational systems. That’s a fundamental issue that could result in malware making it through from personal computers, going over a home WiFi to the business network.”

“We’re used to knowing who’s touching our critical infrastructure, because outsiders have had to sign into a visitor log,” said Bill Johnson, chief executive and founder of TDi. “And when they’re onsite, all the cyber hygiene, cyber protocols, and visitor protocols are being met. They’re not bringing in USBs or laptops from the outside, they’re using equipment contained within the four walls of the business. But with so many remote workers, cyber challenges are added onto the personal and physical-distancing challenges that now exist.”

A big spike in the number of people working from home, and most likely continuing to do so, has brought about a change in the micro view of how employees operate and in the macro perspective of how industry could operate in the future. The pandemic has forced an industry that’s slow to change even the smallest of details into accepting supporting technology.

“我们已经91年以来,以提供不同行业的远程访问,我还没有发现人前如此渴望。而且,不仅是他们渴望看看安全的远程访问,他们正在向我们走来与需求的购物清单,”比尔·约翰逊说。“‘You must be IT-centric or OT-centric, or be able to create a unified view.’ That’s another thing we’re hearing a lot of, ‘I’ve got these other tools, and you have to integrate with those, or you have to be able to allow me to access these other critical tools that I use to manage my business.’ So, the pandemic has led to people becoming more educated about security requirements. In the past, it was a nice-to-have. Now it’s a must-have.”

技术获得的角色

安全总是认为是人员,流程和技术的集合,但后者现在效力于使企业能够通过远程访问操作发挥更大的作用。

“I’ve found that people were often the inhibitor to technology, in that they simply didn’t want to allow technology to be accessible remotely,” Bill Johnson said. “Historically, SCADA technologies and OT technologies haven’t been connected to a network that could be remotely accessed. So, consequently, some organizations default to ‘security by obscurity.’ But the COVID-19 pandemic has forced companies to re-think both people and processes.”

While it might be preferable for employees to be physically present, secure remote access technology allows organizations to manage remote access to critical systems in a responsible, secure way, providing situational awareness and auditability to see who is touching the business infrastructure.

缓解一个僵局

“Remote access might be the only way right now to keep a business alive and generating revenue, but if you do it incorrectly, you can put the business out of business,” Bill Johnson said. “That’s why the people in the process have always been a blockage. And it’s also why companies are being very specific about the technology capabilities they need to do it right.”

“From a business perspective, we always want to know who, and where are workers coming from,” Bill Johnson said. “What are they doing? How are they doing it? Are they authorized to be here? Show me the log and the audit, and tracking of their remote access.”

Eight secure remote access tips for companies, two for employees

为了帮助确保安全的操作手法,比尔·约翰逊和Pam约翰逊列出了企业和员工可以遵循最佳做法:

For companies, they should:

  1. Protect everything with firewalls, VPNs and two-factor authentication (basically zero trust)
  2. Monitor remote access connections to gain visibility into all remote systems interacting with your network
  3. 确保标准和政策到位,其中包括这些服务器上的安全服务器的规则,并设置
  4. 经常检查,以确保这些设置都没有改变
  5. Evaluate how those servers are configured, what software is on them and what version it is, and all automation behind the scenes
  6. 应用补丁,如果有可能从远程位置,这样做安全
  7. 包括定期更新密码过程中,通过自动化
  8. Keep a log of configuration or firmware changes, what was done and by whom.

员工应:

  1. During remote access, double check the location you’re going to visit before going there
  2. 不要链接和文件单击你不熟悉。

此内容最初出现在ISSSource.com.ISSSourceis a CFE Media content partner.


John Almlof
作者简介:John Almlof is director strategic alliances and business development – Americas at Nozomi Networks.