The rush to let users work from home because of the COVID-19 virus expands the attack surface. As companies struggle to let employees work from home to maintain social distancing, security may not be sufficiently considered. Before simply turning on remote access, keep these basic rules in mind:

  • Change all default usernames/passwords
  • Use only secure protocols like:
    • SSH
    • HTTPS
    • SCP
  • Make sure insecure protocols listed below are disabled:
    • Telnet
    • HTTP
    • FTP
  • Restrict access to limited IP ranges if possible
  • Put access to these resources behind VPN connections if possible

What if you do not have a VPN solution? If you must use RDP remember the following:

  • Strong passwords on every account with access to Remote Desktop are a required step before enabling Remote Desktop.
  • Use multifactor authentication (MFA). This applies to your VPN too: ALL remote access, including email access, should ALWAYS require MFA.
  • Update your software. Make sure both the clients and the server have the latest Microsoft patches and update automatically.
  • Use firewalls (both software and hardware where available) to restrict access to the Remote Desktop listening port (the default is TCP 3389). Using an RDP Gateway is highly recommended for restricting RDP access to desktops and servers.
  • Enable Network Level Authentication (NLA)

Windows 10 and Windows Server 2012 R2/2016/2019 also enable Network Level Authentication (NLA) by default. It is best to leave this in place, as NLA adds a layer of authentication before a Remote Desktop session is established.
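The RDP checklist above can be verified on each Windows host. The following PowerShell script is an added example, not part of the original post: it audits whether Remote Desktop is enabled, whether NLA is required, which port RDP listens on, and whether any inbound firewall rule allows that port from any remote address, and with `-Fix` it enables NLA and scopes those rules to an allowed range. `$AllowedRange` is an assumed placeholder for your own VPN or management subnet.

```powershell
# Added example (not from the original post): audit and optionally harden RDP on a
# Windows host. Run in an elevated PowerShell session on the target machine.
param(
    [switch]$Fix,
    [string]$AllowedRange = '10.0.0.0/24'   # assumption: your admin/VPN subnet
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# 1. Is Remote Desktop enabled at all? (fDenyTSConnections = 1 means disabled)
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
Write-Host "Remote Desktop enabled : $rdpEnabled"

# 2. Network Level Authentication (UserAuthentication = 1 means NLA is required)
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1
Write-Host "NLA required           : $nla"
if (-not $nla -and $Fix) {
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Write-Host "  -> NLA enabled (applies to new connections)"
}

# 3. Listening port (default TCP 3389). A non-default port is no substitute for a firewall rule.
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
Write-Host "RDP listening port     : $port"

# 4. Enabled inbound allow rules for that TCP port whose remote address is 'Any'
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $pf.Protocol -eq 'TCP' -and
        $pf.LocalPort -contains "$port" -and
        $af.RemoteAddress -contains 'Any'
    }
foreach ($rule in $open) {
    Write-Warning "Firewall rule '$($rule.DisplayName)' allows TCP $port from any address"
}
if ($open -and $Fix) {
    # Scope the rules to the allowed range rather than disabling them outright
    $open | Set-NetFirewallRule -RemoteAddress $AllowedRange
    Write-Host "  -> RDP inbound rules restricted to $AllowedRange"
}
```

Run it without `-Fix` first and review the warnings; the host firewall scoping complements, but does not replace, the perimeter firewall, VPN and RDP Gateway controls listed above.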

Avoid Panic Decisions

The situation is certainly one that needs to be handled with an abundance of caution as we move into uncharted territory. If threat intelligence tells us anything, it’s that threat actors will use any situation to facilitate their ill intent. If decision-makers act too quickly, it will be easy to simply ‘open the network’ in order to keep doing business, but that strategy is extremely risky. Avoid panic decisions and, while making the necessary choices, make sure we don’t open ourselves to threat actors.