what access and security logs you could configure and review, and.if they support MFA and other strong authentication controls.which VPN protocols that are used and if they have any known security issues.When going with a VPN, it is important to check: It is ideal for a business who needs their staff to be 'virtually working' in the office, with access to all the same tools and systems they have when they are sitting at their desk. VPNs are a good option for businesses who have a small to medium-sized workforce who need access to multiple files and systems on the office network. It might mean you should look to other remote access software that allows for higher performance. This doesn't mean you should turn off encryption. Higher encryption standards often means slightly slower performance due to the time it takes to encrypt connections. You will have to consider how many people will need to connect and if this option is viable. VPN software usually has limits on how much traffic they can support. It also requires updates to software on the server, and sometimes on the remote computer if they are using downloaded software. Setting up a VPN server can take a lot more time than other options. Most of these vendors also provide updates to their software when known vulnerabilities are discovered. Most VPN software vendors have guides to help you and your stuff use their product. Some staff may require help in getting their remote computer setup. Some VPN protocols have known vulnerabilities and should not be used, like PPTP.ĭepending on the software, it may only require a user to download software or access a website (browser-based) on their remote computer. There are multiple options, and it comes down to the type of VPN protocols used and the encryption they support. Some software allows you to use encryption so data is secured while being sent through the tunnel. This level of access might be too much if staff or third parties just need access to a single machine or system. If your authentication controls are not strong, it could mean an attacker also has access to your entire network. You can configure controls to allow users to part of the network as if they were working in the office. Some software allows multi-factor authentication (MFA) and other secure controls, like invalid login attempts.Īuthentication controls have to be configured, and not every VPN software offers the same options.Īs a central connection point, it is easy to manage incoming and outgoing connections. Once connected to the VPN, you can access the same files and systems as if you were sitting in your office. Setting up a VPN requires you to either configure a server on your office network to run the VPN software or enable VPN features on your office router. Virtual private network (VPN) software creates a tunnel between your remote computer and your office network. We've briefly described them below, provided a table of the advantages and disadvantages, and added a summary of each option. Types of remote accessīefore you pick a solution, it is important to know what your options are. It is important to pick a solution that works for how your business operates. Each solution has their benefits and downsides. The guide below can help you understand which remote access solution can work for you and your team. Once they bypass these controls, they often drop malware or ransomware on the system and this can spread like wildfire on your network. At CERT NZ, we see attackers taking advantage of weak remote access controls.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |