14 Companies have announced that they will have their employees work remotely for the next year.
In March when the country started shutting down, businesses with office workers scrambled to make arrangements to allow their users to work from home. Some businesses were already set up to have their users work remotely. Others had to put remote procedures into place quickly.
(I discussed remote access options in an earlier article here.)
In May and early June it looked like the spread of the coronavirus was under control and businesses would start getting back to normal. It was thought that the era of users working remotely would be a short term event. Because of that, businesses didn’t put in a whole lot of effort to add additional protection to both office and user home computers.
However, the exponential increase of new cases July caused many companies to rethink the return of employees to the workplace. Google announced this week that they will have their users work remotely through July 2021.
This shift in having users work from home has caused a shift in the way cybercriminals approach their ‘craft’. There is now an increased focus on attacking the vulnerabilities of remote access.
THE “PROBLEM”
Most businesses have a fair level of protection on their office PCs. They may have a firewall or other protective hardware to isolate the local network from outside attack. The also have anti-malware protection on the PCs and servers to minimize the risk of cyber attacks.
With users working from home it is necessary for some of that protection to be removed. A term used often with firewall is “opening an hole” in the firewall. Cybercriminals use sophisticated scanning tools to find these holes and exploit them.
An example of this is the attack of Microsoft’s default Remote Desktop Protocol (RDP) port – 3389. RDP is the built in program in Windows that allows one Windows PC to connect over a network connection. A PORT is an extension added to an IP address that fine tunes that address for a specific task. For instance, when you use a web browser to access a website, port 80 is automatically appended to the IP address. So, when you ask to go to www.RSETech.com, your computer converts the address to 35.209.213.249:80 – and when the server receives the connection it sees the port 80 and redirects the connection to the program hosting my website.
Other common ports are 21 for FTP, 80 for HTTP web sites, 110 for email, and 3389 for RDP.
It is the RDP port that is the major problem. Microsoft Windows, by default, has port 3389 open and has the RDP protocol turned on. When your computer is connected to the Internet directly, Internet scanners can look through all the public internet connected computers and find ones that have this vulnerability. Cybercriminal then attack with anything from ransomware to programs that steal personal information.
To compound the issue, if the computer is connected to a work computer, there is now a potential path into the work network around the protection that was set up.
Solution – Add a layer of protection at home
There are a number of techniques that can be used to boost the security of the home computer, protecting the work computers.
- Close Port 3389 – Use the built in Windows firewall to turn off port 3389, unless you need to access your home PC from a remote location.
- Use Port Redirection – If you need to access your PC from the outside, use port redirection. All modern Internet routers have the ability to change a port number for incoming connections. For instance, you can tell the router that if the incoming port number is 33333, then change it to 3389 and point to the internal address for the PC. Cybercriminals don’t search for port 33333, so they won’t be looking for that PC.
- Use Port Redirection at Work – This method is a must for work networks. Using it in a work network environment not only allows for the protection of ALL devices attached to the network, but it allows for the use of one common IP address to be redirected to all the Internal computers. This can save money since many Internet Service Providers charge extra for multiple IP addresses at one location.
- Use a firewall – Hardware firewalls (not the software firewall built in to Windows) are designed specifically to keep unwanted access to a minimum. By default, firewalls have all ports except for web browsing closed from incoming traffic. Ports are only opened when required. For instance, if you have security cameras you may need to open ports to access the cameras from your mobile devices. Firewalls also have stateful packet inspection, which means the can examine all traffic entering the network and block any malicious software.
- Use a VPN – A VPN, or Virtual Private Network, is a secure connect, a tunnel, between two Internet connected devices. Think of it as a long network cable plugged in between two devices. A VPN connects a home computer to the work network with a secure connection, effectively taking the home computer off the Internet. When connected to work networks, the home PC is taken off the home network (via software protocols). Doing this eliminates the cybercriminals ability to access the home PC via the home network.
- Use a remote control program – Programs like TeamViewer or AnyDesk use a very secure encryption protocol to communicate between the home PC and work PC. You work as though you are sitting in front of the work computer and only the screen, keyboard and mouse information goes over the Internet. No actual data is transmitted, so no data can be intercepted and used.
Taking these steps can protect both work and home computers from potentially costly attacks.