The role of the enterprise help desk has changed significantly with the proliferation of mobile devices, today’s increasingly distributed workforce and other disruptive IT trends. Not only are organizations tasked with keeping assets functioning amid these changing conditions, IT must also ensure that the technologies used to support this new way of working don’t unintentionally expose the company to serious risk.
According to the 2013 Verizon Data Breach Investigations Report (DBIR), hacking remains the most common cause of data breaches. Within those hacking-related breaches, desktop sharing or remote access services such as Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) are the most common attack vectors. This finding is also echoed by the Trustwave 2013 Global Security Report, which found remote access to be responsible for 47 percent of the attacks analyzed.
Given these findings one might think that remote support tools would be under tighter control. Unfortunately, this is not the case—there are numerous reasons but it ultimately boils down to the three things: budget, hubris and forgetfulness.
- Budget: Many IT teams still use free remote access tools. While these might look good to the bottom line, companies get what they pay for from a security perspective – and that is nothing.
- Hubris: Other organizations simply refuse to admit that the tool they’ve been using for years may not follow security best practices, whether due to inherent design or its configuration.
- Forgetfulness: Finally, some companies are unaware that they have outdated remote access tools in place.
Regardless of which category you might fall into, the good news is that there are some simple steps you can take to increase your remote support security.
First, don’t use remote access tools that require an open listening port on end user computers. Internet-facing listening ports can be found through a simple scan and hackers can easily exploit the open door to access systems and data. Make sure any listening port can only be accessed by the designated remote support solution for which it was designed.
Second, standardize onto one remote access solution, using the same toolset rather than separate tools for PCs, Linux servers and Android devices, etc. This reduces the number of products to manage and limits the risk of forgotten tools acting as attack vectors. It should also allow central tracking and management of who is accessing what systems, when and for what purpose.
On that note, the ability to audit activities is an important element for ensuring remote support security. The audit trail should be stored securely so that it can’t be modified or deleted by a third-party or individual technicians. In addition, these logs should be regularly monitored and reviewed for suspicious activity.
Next, consider your remote support authentication methods. Many remote support tools use named-seat licensing where each license is tied to an individual. Most IT organizations don’t need full-time licenses for each technician, and this can encourage the use of shared logins which will undermine auditing. If you want to share licenses, use a solution that allows concurrency but still requires individual logins and passwords. Even better, link remote support logins to your master identity management directories so that system access can be centrally managed by teams and individuals.
Finally, if you outsource IT services or regularly have third-party vendors accessing your systems, use a tool that can securely invite vendors into sessions, limit what they can access and monitor everything they do.
We can expect that the scope of enterprise IT support will only grow with future tech innovations. Following the steps above not only positions organizations to securely support today’s workforce, it lays the foundation for more securely addressing tomorrow’s challenges, as well.
Comments on this article are closed.