A major new element we need to consider since our workforce is connecting remotely is the security of the user’s home router. A totally new set of threats, risks and potential compromises is introduced by vulnerable or misconfigured home routers. And the traditional network security controls we’re currently using to protect remote workers are not suited well for dealing with this situation.
Clear technical strategies and perhaps unconventional approaches are required to fully defend remote workers that are connecting via untrusted routers from home.
Dynamic Host Configuration Protocol
The DHCP protocol is used by the home router to define important configuration settings for the endpoint. As such, a compromised home router can exert extraordinary influence over the configuration and behaviour of a remote workers computer, and needs to be considered in your threat model.
Captive Portals
Captive Portals exert even more influence by blocking outbound internet connections (required to establish a VPN) and influencing the behaviour of the default browser.
We have tested several commonly used solutions in different configurations against various kinds of attacks. The results are displayed in the following table:
These findings are a cause for concern.
Technically similar
Different in principle
The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses. The Zero Trust security model assumes that a breach is inevitable or has likely already occurred…
Consider some fresh paradigms, e.g.
There’s a lot to be done to fully protect our new-born remote workforce.
An intelligence-led approach will help guide teams tasked with protecting business systems to prioritize actions. The threat landscape is constantly changing and that means that businesses must keep abreast of significant changes to ensure that their risk exposure remains within an acceptable threshold. To do so they must have the latest information about tactics and techniques used by attackers and what the most effective means are to detect attacks and to limit risks associated with a successful attack.
The good news is that no magic is required. In this paper, we recommend a simple plan that is inspired by the CIS Top 20 controls and the NIST cybersecurity framework.
We’re in a war against threats, not a battle, and every additional control you implement will raise the cost for an attacker and improve your resilience.
Do the basics right by running a proactive vulnerability management program, reduce the exposure of accounts with administrative privileges, and monitor remote systems.
Finally, ensure that your people are properly trained and keep them well informed regarding the tactics and techniques of current active threats. Prepare for the worst by having an incident response plan that can help remote staff and make sure you regularly practice this to ensure staff is familiar with the drill.
Find detailed advice in the paper