Remote access software has many useful applications: internal IT support, vendor support for software and hardware, reaching an office computer from a home PC, webinars, and so on. Its use, however, brings a range of security concerns. This article lists basic security measures that users of remote access software should take to protect their information assets.
- The administrator account on the host (remote) computer should be renamed from its default name. Renaming only removes the obvious target from the logon prompt; the built-in account keeps its well-known relative identifier (RID 500), so this measure must be combined with the password and lockout settings below.
- Default and unused user accounts (for example the built-in Guest account) on the host computer should be disabled.
- Password complexity requirements and account lockout after a set number of unsuccessful logon attempts should be configured on the host computer.
- When the client computer connects to the host, the remote access application should prompt for a password rather than granting a session silently. For one-off or vendor sessions the password may be changed after every remote session.
- Strong encryption (at least a 128-bit key) should be enabled for remote desktop sessions, and remote connections should be tunneled through an encrypted protocol such as TLS (SSL) or SSH. This protects users from man-in-the-middle attacks only if the client verifies the identity of the host (the TLS certificate or SSH host key); a client configured to accept any certificate can still be intercepted.
- Access to the host computer should be restricted through IP filtering on the host firewall or in the remote access application, so that only specified client IP addresses can reach it.
- Logon auditing (Event Viewer, Security log) should be enabled and reviewed frequently to detect anyone attempting to log in; on Windows a failed logon is event ID 4625 and a successful one is 4624. Firewall logs can also be reviewed to see who has connected to the host computer.
- Most client-side software (the module on the computer that accesses the remote computer) offers to save entered passwords. This feature should never be used: a lost, stolen or shared client machine would then hold a ready-to-use credential for the host.
- On Windows, the built-in Remote Desktop (RDP) depends on the "Terminal Services" / "Remote Desktop Services" service (TermService). Users may set this service (Start > Control Panel > Administrative Tools > Services, or services.msc) to Manual and start it only when needed, stopping or disabling it when not in use. Third-party remote access tools usually install their own service, which can be managed the same way.
- The client computer should be given the same physical security measures as the host computer: an unattended client with an open remote session gives an intruder the same access as an unattended host.
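The following PowerShell script is an added example, not code from the original article, showing how the host-side measures above can be applied on a Windows computer that uses the built-in Remote Desktop. The allowed client addresses (taken from the RFC 5737 documentation ranges) and the replacement administrator name are placeholders to be substituted; the script must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Placeholders (assumptions, not from the article): replace with your own values.
$AllowedClients = @('203.0.113.10', '198.51.100.0/24')   # management hosts allowed to connect
$AdminNewName   = 'ra-admin'                              # hypothetical replacement name

# 1. Rename the built-in Administrator (RID 500) and disable Guest (RID 501).
#    Locate both by SID suffix, since their names may already have been changed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin -and $builtin.Name -ne $AdminNewName) {
    Rename-LocalUser -Name $builtin.Name -NewName $AdminNewName
}
Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' } | Disable-LocalUser

# 2. Lockout and password length via `net accounts`; complexity lives in the local
#    security policy, so export it, flip the flag and re-import it with secedit.
net accounts /minpwlen:14 /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15 | Out-Null
$cfg = Join-Path $env:TEMP 'secpol.cfg'
secedit /export /cfg $cfg /quiet
(Get-Content $cfg) -replace '^PasswordComplexity\s*=.*', 'PasswordComplexity = 1' |
    Set-Content $cfg
secedit /configure /db "$env:windir\security\local.sdb" /cfg $cfg /areas SECURITYPOLICY /quiet
Remove-Item $cfg

# 3. RDP transport: require TLS, high (128-bit) encryption, and Network Level
#    Authentication so credentials are demanded before a session is created.
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty $rdp -Name SecurityLayer      -Value 2 -Type DWord   # 2 = TLS required
Set-ItemProperty $rdp -Name MinEncryptionLevel -Value 3 -Type DWord   # 3 = High, 128-bit
Set-ItemProperty $rdp -Name UserAuthentication -Value 1 -Type DWord   # 1 = NLA required

# 4. IP filtering on the host firewall: scope the inbound RDP rules to the allowed
#    clients only, and turn on firewall logging so connections can be reviewed later.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $AllowedClients -Enabled True
Set-NetFirewallProfile -All -LogAllowed True -LogBlocked True

# 5. Start the Remote Desktop service only on demand instead of at boot.
Set-Service -Name TermService -StartupType Manual
# Start-Service TermService          # when a session is actually needed
# Stop-Service  TermService -Force   # when finished (-Force also stops dependents)

# 6. Logon auditing: make sure failures are recorded, then summarise the last day's
#    failed logons (event 4625) by source address to spot guessing attempts.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
$since  = (Get-Date).AddDays(-1)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue
$failed | ForEach-Object {
    $data = ([xml]$_.ToXml()).Event.EventData.Data       # named fields of the event
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = ($data | Where-Object Name -eq 'TargetUserName').'#text'
        Source = ($data | Where-Object Name -eq 'IpAddress').'#text'
    }
} | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The account lookups use the SID suffix rather than the account name on purpose: the built-in Administrator and Guest keep RIDs 500 and 501 whatever they are called, which is also why renaming alone is not a strong control. Step 4 only narrows the rules in the "Remote Desktop" group; if a third-party remote access tool is in use, its own inbound rule must be scoped the same way.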