What is a Remote Access Policy?

Quick Definition: A remote access policy documents how remote users may connect to an organization’s internal network and systems. It is part of an organization’s cybersecurity practices and is intended to help protect the organization from potential threats – both malicious and otherwise.

With the rise of work-from-home, the number of remote users has grown dramatically in recent years. At the same time, there’s been a surge in cyberattacks by malicious actors. It’s important to control remote access so only valid users enter the network and access approved resources.

This article discusses remote access policies and how they govern remote users' access to a network. We’ll also explain the role network administrators play in implementing strong remote access policies.

What is Remote Access?

Remote access allows authorized users to access internal systems and data through an outside network connection. Users who are traveling, working from home, or at a remote branch office can access the appropriate systems to do their jobs. Remote access policies also cover external users of self-service applications—customers, suppliers, tax-payers, patients, etc.

Types of Remote Access Methods

The ways remote users are allowed to access a network are selected by the network architects during network design. The three most popular remote access methods are Virtual Private Networks (VPN), Remote Desktop Protocol (RDP), and SSH (Secure Shell).

• Virtual Private Networks (VPN): Using Virtual Private Networks (VPN) client software on their devices, remote users can be authenticated and can then initiate an encrypted Internet connection from anywhere in the world 

• Remote Desktop Protocol (RDP): Like VPN, the Remote Desktop Protocol (RDP) operates over encrypted channels, and allows a remote user to get secure access via a Windows graphical interface to a distant Windows virtual machine or physical server. Sysadmins and network admins frequently use RDP to access remote computers and servers to troubleshoot them and perform other administrative tasks.RDP ports are often targeted by hackers, so security-conscious IT organizations will implement strong password protocols with multi-factor sign on authentication and also require that RDP is run over VPN connections.

• Secure Shell (SSH): Systems and network administrators use the Secure Shell (SSH) command line interface to open secure connections to a remote computer. Passwords are not required, since SSH incorporates client/server authentication that uses public/private encrypted key pairs.

Risks Associated with Remote Access

The most common remote access vulnerabilities are easy-to-break sign-on procedures, which occur when there is poor password discipline, such as easy-to-guess passwords and/or no password aging. 

Hackers look for any way to get inside the network. With RDP for example, poorly protected network ports are prime targets to gain entry. They can then find password files and use brute force tactics to expand their attack.

What is a Remote Access Policy?

A Remote Access Policy defines the conditions under which remote users are allowed to login to the corporate network and use applications and data appropriate to their role and responsibilities. The remote access control policy sets out what access technologies will be used and what cybersecurity defenses will be deployed. The remote access policy sets forth what a remote user must do to access and securely connect to the network. 

The remote access policy also defines which roles are allowed remote access. For example, it may say that remote business users may only access the network via a secure virtual private network (VPN). It may also say that systems and network admins may use RDP or SSH for administrative tasks, but only under prescribed security conditions. The policy will also set forth what system configurations may be used for remote access – including operating and security software.

Key Components of a Remote Access Policy

In general, access control covers five areas:

1. Authentication: Verify the user is who they say they are. There are various methods, which we'll cover in more detail in the next section. 

2. Authorization: Ensure the authenticated user has the privileges to do what they are requesting.

3. Access: Allow authenticated users to use only specified applications, or to view, modify, or delete specific data sets as authorized.

4. Manage: Keep the access control system up-to-date – access policies, user credentials and privileges, adding/removing users, and access control systems and software.

5. Audit: Monitor and record user access and access attempts to identify suspicious or unusual external or in-house activity. 

These key components should form the foundation of your remote access policy. By implementing strong authentication, authorization, access management, continuous updates, and regular audits, you can ensure that your network remains secure while providing the necessary access to remote users.   

Role of Remote Access Policy in IT Hardening and Security

IT Hardening is the practice of reducing vulnerability to cyber threats in all areas of the IT network and infrastructure. The goal is to remove any means by which a hacker could gain access. Stripping down the environment to the minimum functionality required will mean that hackers will have fewer points through which they can gain access. 

The Remote Access Policy identifies areas that contribute to hardening the infrastructure. These include password policies, patching software on remote devices, securing privileged accounts, and using encrypted channels.

What are the Best Practices for Remote Access Security?

Without proper security measures, organizations are vulnerable to cyberattacks that can lead to data breaches, financial losses, and reputational damage. By prioritizing remote access security, businesses can maintain the integrity and confidentiality of their information while supporting flexible work arrangements. These best practices can help inform your policy: 

Choose a Strong Authentication Method 

The simplest form of authentication is the user ID/password combination. As long as accepted password disciplines, such as password strength and password aging policies, are followed, this can be an acceptable method for low-exposure applications. But even with the best password discipline, password theft still occurs. 

The next level of security is multi-factor authentication (MFA). After entering the user ID and password, the user is required to enter additional information, such as a one-time passcode (OTP), or provide the answer to a security question. The one-time passcode can be sent by email or text message or generated on a physical key fob. Beyond OTP, biometrics such as fingerprint, voice, and face recognition are used. These may be used as part of MFA or on their own.

Employ Strong Passwords

Implement a strong password policy with complex passwords combined with aging and lockout for multiple failed login attempts. Every remote user should have their own account and credentials—no shared accounts should be allowed. Use multi-factor authentication (MFA) with one-time passcodes or a biometric.

Encrypt Data in Transit

Encryption for transmitted data is normally included in operating software such as VPN, SSH, or RDP. A number of the leading VPN solutions use the US government standard AES 256 encryption. 

If you elect to further encrypt data folders and files on your servers, then you have a wider choice of storage encryption solutions, such as BitLocker, which is integrated into Windows operating systems. To avoid cyber-attackers scanning transmitted user passwords in clear text, require that all regular remote access be via a secure virtual private network (VPN).

Limit Access to Authorized Users Only

Adopt a Zero Trust Network access (ZTNA) policy. Strictly verify and authenticate each user attempting to login and use least privilege access to restrict them to the absolute minimum of access needed.  

Secure Configuration of Remote Access Infrastructure

Ensure that all the components of the remote access infrastructure are hardened. All software must be configured correctly, fully-supported by the vendor, and up-to-date with current versions and software patches. If privileged systems and network admin users are authorized to use RDP or SSH, then ensure that the ports are secured, require unshared authenticated accounts, and employ encryption and or access via VPN.

Monitor and Log Procedures

Activity for key remote access systems should be logged and stored for analysis. Logs of remote access attempts, authentication successes and failures, and sessions can be used to identify threat activity or troubleshoot network issues. Note that hackers know all about logging and may try to alter log files to cover their tracks. So make sure that log files are protected and ideally unalterable.

Conclusion

A robust Remote Access Policy is essential to limit risk. Systems and network administrators must be fully conversant with all aspects of their organization’s policy, since they are the ones who implement and manage the key components of authentication, authorization, and access. 

Learn more about VPNs, SSH, and remote file access by watching our remote access methods on-line training. Familiarity with Remote Access Policies is a requirement for the CompTIA Network+ exam.  If you’re aiming for this certification, then taking our CompTIA Network+ on-line training course can help prepare you for the certification exam. 

Not already a CBT Nuggets member? Sign up for a free 7-day trial.