Enabling Employees to Work from Home

All of a sudden, the world is facing a pandemic, and you are asking all your team members to work from home. Have you really considered all the security implications of moving to a remote workforce model? Chances are you and others are more focused on just making sure people can work effectively and are less focused on security. But at times of crisis, hackers are known to increase their efforts to take advantage of any weak links they can find in an organization’s infrastructure.

I travel significantly for work and have always been fortunate to have a good setup to be able to effectively work from anywhere with a reliable Internet connection. Not everyone is this fortunate, nor do many people have the experience of working remotely until now.

Managing Host-Based Security

Host-based security represents a large attack surface that is rapidly evolving as employees continue to become more mobile. Let’s discuss some key things organizations need to keep in mind as they migrate their teams to be effective while working from home.

1. Education/Employee Training

Before we start talking about technical controls that are important to consider, it’s necessary to start with the people factor. All the technical controls can easily be rendered useless if your team members are not properly trained on security. People need to be trained on how to securely access and manage the organization’s IT assets. With a rise in phishing attacks, it’s important that training not only cover secure ways to access different systems, but also how to avoid potential scams. Education is paramount in making sure that the organization is safe, and people in the organization are not making decisions that can have adverse effects from a security and privacy perspective.

2. Workstation Image Security

Most organizations deploy laptops using a standard set of system images and configurations. The problem with using standard images and configurations is that it becomes challenging to secure a workstation in the event that the laptop is lost, stolen, and/or compromised by a threat actor.

Here are some things to consider while trying to secure laptops and mobile devices:

  • Ensure all workstation images are configured based on a secure baseline.
  • Make sure the secure baselines are managed and updated based on business needs.
  • Track critical operating system and application patches, and ensure that they are applied.
  • Review application and management scripts for vulnerabilities and common attack patterns.
  • Enable full-disk encryption.
  • Perform regular security testing for each workstation image – typically organizations have multiple images that are in use – e.g. Windows 7, Windows 10, MacOS, etc.

3. Virtual Desktop Infrastructure (VDI) Security

Many organizations are moving away from physical laptops and are having their employees access applications and desktops through solutions leveraging VDIs. A common solution that is used widely is provided by Citrix. This allows employees to connect to an organization’s systems by remotely connecting to a virtual desktop server (from their personal computer or a mobile device like a tablet or smartphone), with the session running where the virtual desktop is hosted rather than on the employee’s own device.

The following are some things that are important to consider in this type of a scenario:

  • Enforce multi-factor authentication (MFA) for all VDI portals and VPN access.
  • Ensure that the VDI is configured so that users cannot exfiltrate data through shared drives, the clipboard, email, websites, printer access, or any other common egress point.
  • Enforce proper access control so users cannot easily pivot to critical internal resources like databases, application servers and domain controllers.
  • Lock down applications to prevent unauthorized access to the operating system resources and ensure that they have the least amount of privileges enabled to function properly.

4. Windows and Linux Server Security

Unlike laptops/workstations and VDI portals, servers are usually not directly exposed to the Internet; but once an attacker can pivot into the environment, they usually find it trivial to identify Windows and Linux servers on the network to target. Server operating systems need to be configured, reviewed and hardened to reduce the attack surface. Vulnerability scanning by itself is usually not enough, since an unauthenticated scan won’t expose vulnerabilities that could be used by authenticated attackers.
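An authenticated configuration review catches what a network scan cannot. The following Python is an added example, not code from the original article: it checks an sshd_config against a small illustrative secure baseline (a real baseline such as a CIS benchmark has many more rules), applying the first-occurrence and default-value semantics OpenSSH uses, over a constructed weak configuration.

```python
import re

# Secure-baseline rules (constructed for this example): directive -> (predicate, expected).
BASELINE = {
    "permitrootlogin": (lambda v: v == "no", "no"),
    "passwordauthentication": (lambda v: v == "no", "no"),
    "permitemptypasswords": (lambda v: v == "no", "no"),
    "x11forwarding": (lambda v: v == "no", "no"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "<= 4"),
}
# OpenSSH's documented defaults for absent directives: an absent line is not automatically safe.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "x11forwarding": "no", "maxauthtries": "6"}

def parse_sshd_config(text):
    """Map directive -> effective value for the global section. sshd honours the
    FIRST occurrence of a directive, and a 'Match' line ends the global section."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()                  # strip comments/blank lines
        m = re.match(r"^(\S+?)(?:\s+|\s*=\s*)(.+)$", line)   # 'Key value' or 'Key=value'
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective

def check_baseline(text):
    """Return [(directive, actual, expected)] for every baseline rule the host violates."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, (ok, expected) in BASELINE.items():
        actual = cfg.get(key, DEFAULTS[key])
        if not ok(actual):
            findings.append((key, actual, expected))
    return findings

# Constructed sample: a fully patched host that an unauthenticated scan would rate clean.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
#PasswordAuthentication no    # commented out, so the default (yes) applies
PermitRootLogin no            # ignored: the first occurrence above wins
MaxAuthTries 10
X11Forwarding no
Match User deploy
    PasswordAuthentication yes
"""
HARDENED_SSHD_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\nMaxAuthTries 4\n"
```

Running check_baseline over the weak sample reports root login, password authentication and MaxAuthTries as deviations, while the hardened sample reports none.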

5. z/OS Mainframe Security

Windows and Linux servers are typically deployed using standard images, but z/OS mainframes tend to be more unique. In most environments, the mainframe configurations are not centrally managed as effectively as their Windows and Linux counterparts, which is why there are many inconsistencies in how mainframes are configured, leading to vulnerabilities that are often accessible to domain users.

It’s important to consider the following:

  • Check for missing critical application and operating system patches on a regular cadence.
  • Centrally manage and implement z/OS mainframe configurations based on a secure baseline.
  • Check if Active Directory domain users can log into z/OS mainframe applications or have direct access through SSH or other protocols.
  • Periodically perform penetration testing and security reviews of your deployed z/OS mainframes.