Protect Active Directory Logins to Secure Remote Working

DZone 's Guide to

Protect Active Directory Logins to Secure Remote Working

See how you can better secure your network and provide your employees with the correct tools and knowledge to prevent security breaches while working remotely.

· Security Zone ·
Free Resource

In the past few weeks, the majority of businesses were forced to shift to remote working. This situation is seen as a great opportunity for hackers to find new vulnerabilities to exploit. When a remote employee logins to the corporate network, it actually creates an access point that can be exploited.

Active Directory (AD) is the core identity and access platform for organizations all around the world. The best way to secure your network is to protect the remote use of these AD credentials.

Phishing the Most Vulnerable

The recent coronavirus outbreak came with a lot of new phishing email campaigns. The threat actors are focusing on the most vulnerable — just like the coronavirus itself — your new remote workers. Their strategy is to use public fear and lure their targets with URLs or document downloads of safety documentation or infection maps. They know that the probability of users clicking on a link or opening an attachment is higher than ever.

With a set of compromised credentials, hackers can then move laterally within your corporate network in order to find valuable data to exploit. What’s more, this kind of attack is similar to the coronavirus itself in the sense that you might not even know you’re infected. According to the Ponemon Institute, it takes 191 days on average to uncover a data breach.

The Threat Surface Is Expanding

In this kind of situation, poor protection of Active Directory connections might put your organization at high risk. Today, because most companies are being forced to work remotely, the threat surface has expanded extremely fast.

The risk is even higher considering that most businesses didn’t even have time to prepare for what was coming. They had no time to prepare for remote work. What happened is that most of them rushed to allow Microsoft remote desktop (RDP) access so that users could access desktop resources without having to be physically at their desks. 

The priority has been the continuation of operations, leaving little attention for cybersecurity. 

Secure Remote AD Logins

Remote desktop access is only protected by a single password, which makes it not fully secure. To protect these connections, here are three recommendations:

  • Strengthen passwords
  • Use a Virtual Private Network (VPN) for all RDP sessions 
  • Enable two-factor authentication on these RDP sessions

This will allow you to significantly improve the security of your remote workers.

Find below a summarized list of recommendations written by experts in order to fully minimize the risk:

  1. Equipment policy for employees working remotely: As much as possible, you need to use the equipment available, secured and controlled by your company. If you can’t, you need to give clear usage and security guidance to your remote users.
  2. External access security: To secure your external access, you need to use a VPN (Virtual Private Network). If possible, limiting VPN access to only authorized machines will strengthen security. If anyone tries to connect from another machine, login must be denied.
  3. Password policy: To be secure, a password must be long enough, complex, and unique. To be more secure, activate two-factor authentication on RDP sessions, especially for connections to the company network.
  4. Strict security updates policy: As soon as a security update is available, you need to deploy it on all devices in your information system. Hackers can quickly exploit those vulnerabilities. 
  5. Backup of data and activities: After an attack, backups might be the only way for your company to recover its data. Perform and test backups on a regular basis to make sure they are working. 
  6. Professional antiviral solutions: Adopt a professional antiviral solution to protect your business from common viral attacks, but they can also sometimes protect from phishing, or from certain ransomware. 
  7. Logging of the activity: Implement systematic logging of all access and activities of your workstations and equipment (servers, firewall, proxy…). This helps understand a cyberattack, its extent, and how to remedy it.
  8. Manage the activity of all external accesses: Detecting suspicious access could be a sign of a cyber-attack. To do so, you should monitor RDP sessions and all access to files and folders. If you can have real-time alerts and immediate response, that’s a great way to act before any damage is done.
  9. Employee awareness: Give clear instructions on what remote workers can or cannot do. They will often be the first barrier to avoid/detect attacks. 
  10. Be ready for an attack: No business, whatever its size, is fully immune to cyberattacks. Assessing the possible scenarios allows you to anticipate the measures to take to protect your organization.
  11. Managers’ involvement: Managers must be implicated and responsible when it comes to security measures in order to ensure employees’ adhesion.
covid-19, cybersecurity, information security, phishing, vpn

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}