Read these 8 Remote Access Security Tips tips to make your life smarter, better, faster and wiser. Each tip is approved by our Editors and created by expert writers so great we call them Gurus. LifeTips is the place to go when you need to know about Remote Access tips and hundreds of other topics.
If your organization provides remote access to internal, protected resources to employees, business partners, or customers, then security has to be one of your major concerns. You cannot overemphasize the importance of remote access security to your IT staff and your employees, and as soon as you open up your LAN to outside access, the biggest danger you have is that your employees have not chosen appropriately strong passwords.
By ensuring that your LAN is only access through a VPN and only through reliable software that forces your employees to choose strong passwords, you can seal the largest remote security hole related to remote access.
If your employees grumble that they'll never be able to remember the difficult passwords they're being forced to use, explain to them that, contrary to popular belief, it is actually safer to keep a password on a random scrap of paper in a wallet than to choose one that's easy to remember, as a sheet with random information will mean nothing to someone stealing the wallet, but a simple remote access password can mean a lot to basic password cracking programs.
If you switched to Linux thinking that your remote access security management woes would be over, you're only half right.
Even though Linux has a somewhat better track record than Windows regarding remote access security and virus and worm exploitation in particular, there are still a large number of vulnerabilities uncovered all the time for the free operating system, and Semantic and other security organizations are now starting to provide commercial firewall, antivirus, and other internet security software for Linux.
As it stands, a basic Linux distribution itself is still very secure compared to other popular operating systems, and is typically made less secure by services that are run on the system. To minimize the security risk of your new OS, simply disable all the services that you don't need--and stay up to date on security patches for the ones that you do!
If you're nervous about shopping online, then you're not alone. Studies have found that a good portion of consumers are still nervous about purchasing products online because of a fear that their credit card numbers are going to be easily stolen by malicious hackers listening on the internet for credit card numbers.
Long gone are the days where remote security of transmitted data was dangerous. Modern cryptographic software included in any major web browser is strong enough that even the NSA won't be able to decrypt your safely transmitted credit card number in less than a week, and that's with some of the most powerful computers on the planet. In fact, it's far easier for a server at a restaurant simply to write down the numbers on the merchant's copy of the bill than it is for anyone to snag the number you transmitted to a secured, remote machine.
Far more important in protecting yourself from online credit card or identity theft is your password choice. Remote access security experts have long stressed that people should choose obscure passwords having nothing to do with their name, nickname, username, maiden name, school, etc. etc., but should instead opt for a set of numbers and letters as random as possible. But how are you to remember that, you ask?
Write it down. Seriously, writing down a random password and putting that in your wallet is far less likely to let your credit card or identity stolen online than by using a stupid and easy-to-remember password.
Shopping online is safe, perhaps safer than shopping at a store downtown, just be smart, use common sense, and a good password.
While most people are vaguely away that remote access security precautions such as good passwords are very important, few realize how much information they make readily available to anyone listening to their internet connection.
The vast majority of online chats, emails, forms, blogs, and web forms are exchanged through insecure means, meaning that any username or password you send to someone in an IM window or email could easily be intercepted by a malicious hacker.
Fortunately, you can secure yourself by communicating through encrypted lines. Popular instant messaging software, such as AOL Instant Messenger, has plugins that will encrypt confidential communications between two parties. PGP—for Pretty Good Privacy—has provided free software to encrypt your most private email correspondences for more than a decade. And most remote access security management software will automatically open secured connections to perform remote desktop sharing or other remote access tasks.
Whenever you put information on the internet, be away of whether it is encrypted or not, because if it's not then you should consider that anyone could potentially intercept and use it.
As a sysadmin running a secure VPN, remote access security management is an important aspect of your job, and you know that it's not sufficient simply to authenticate remote computers accessing the network and assume that the data within the network remains secure. You must also ensure that each of those client systems are secured by personal firewalls, virus scanners, and password best practices.
However, one frequently overlooked aspect of this remote access security scenario is that most sysadmins allow software that is known to have huge security problems to run on these otherwise protected computers. Internet Explorer and Outlook in particular have received a great deal of attention from the security community and their use should be prohibited if possible. There are less dangerous, commercially viable alternatives such as Firefox and Eudora that you could push your company to adopt.
If you're obsessed with remote access security and really securing your mission critical data, then you should consider using SELinux.
SELinux was developed in part by the CIA specifically with remote security in mind. Even if hackers manage to gain access to the system itself, the damage they will be able to do will be incredibly localized. In fact, it is possible to secure data on an SELinux system so that, even with an administrator's username and password, a malicious hacker will not be able to gain access.
The disadvantage to using an SELinux-based server is that your sysadmin must understand how to use it. If security is of utmost importance to your organization, then you probably already have a very talented system administrator, and for a small fee you can get them trained to run SELinux-based servers.
If you're looking for the latest in remote security, then you should consider remote video surveillance.
Dotworkz Systems and others offer IP-based surveillance systems, so that you can keep an eye on your video surveillance from anywhere in the world! It puts a whole new spin on “internet security,” and could save you a lot of money on security staff as you may be able to then offshore the actual job of keeping an eye on the video.
If you're a sysadmin of a UNIX system that allows telnet access, then you might as well be posting your root username and password on a billboard over the next global hacker convention as you clearly have no concern for remote access security.
Telnet has long been known to be incredibly insecure as it's vulnerable to eavesdropping. You should require all clients connecting to your system to do so through only secure connections, such as SSH tunnels.
Furthermore, you should not allow remote root access even through an SSH connection. You can still perform administrative tasks remotely, but if you do so by first logging in using ssh as a normal user and then using su root, you'll be safer than simply by sshing as root.
Guru Spotlight |
Lynda Moultry |