Remote access is the ability to access a computer or network, at home or in an office, from a remote location. A remote access connection allows users to reach a network or computer remotely over an internet connection or telecommunications link. This post is dedicated to secure remote access.

You can use a local area network (LAN), a wide area network (WAN), or a virtual private network (VPN) to establish a remote access connection. For a remote access connection to take place, the local machine must have the remote client software installed and the remote machine must have the remote server software installed. A username and password are also almost always required to authenticate the connecting user.

Most remote access programs also allow users to transfer files between the local and remote machines, which can save a lot of commuting time.

In general, remote access means that employees who are somewhere other than the organization’s location (for example, on an administrative mission) can connect to the organization’s network remotely. Remote access relies on communication infrastructure such as telephone networks or the internet.

Source: solidsystemsllc.com, searchsecurity.techtarget.com and techterms.com

 

 

Remote Access Methods 

Every remote access connection has four main components:

1- Remote Access Server: A server in the organization’s network that is the destination of all remote access connections.

2- Remote Access Client: Every computer that connects to the network remotely is called a remote access client or remote computer. These can be laptops or desktops, and in terms of ownership they can be organizational or personal.

3- The type of communication and the infrastructure it uses: There are many types, such as VPN, Remote Desktop, third-party software, etc.

4- Connection Security: This is the main point of this article.

As mentioned, there are several ways to access remotely, which we will mention in this section.

 

Remote Desktop 

Remote Desktop Connection (RDC) is a Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the Internet. The host computer can see and interact with the target computer through the target computer’s actual desktop interface—allowing the host user to see exactly what the target user sees. It is done through a Remote Desktop Service (RDS) or a terminal service. Microsoft Windows, Linux, and MacOS have the software available that allows for remote desktop access.

Remote desktop is very useful for network administrators. Server computers (whether physical or virtual) are located in the server room. For reasons such as these rooms being too cold, most managers prefer to be physically present in the room as little as possible. Using a remote desktop, administrators can interact with network servers from their offices, or even from home or a hotel, as if they were sitting in front of the server. Microsoft was the first manufacturer to use a remote desktop feature in its operating systems. But today, third-party software companies are also developing software for remote desktops.

Source: techopedia.com

 

Remote Assistant 

The remote assistant can be considered a subset of the remote desktop. When you connect to another computer using the remote desktop, the current user of that computer is forced to sign out. In other words, if an employee asks you for help with a problem and you use a remote desktop to connect to his computer, the two of you cannot view the desktop at the same time and do the necessary work. In terms of technical support, this is a huge problem. To solve this problem, remote assistant technology was introduced. With remote assistant, the technical support person and the employee with the problem are able to connect to a computer at the same time.

So, remote assistant is useful for technical support purposes. Suppose you are a network technical support person. The organization you work for is located in a 20-story building. You are required to provide technical support to all employees throughout the building. Without remote assistant, you may need to be physically present on eight different floors of the building at the same time to support fifteen different employees. You will probably spend half of every working day in the building’s elevator. But by using remote assistant, you can quickly connect to and support a computer that needs support without having to physically move. It is a benefit for the employees, for you, and even for the elevator!

Popular remote assistant software solutions that let you remotely access and control your computer include AnyDesk, TeamViewer, RealVNC, and UltraViewer.

The basis of all this software is the same. These programs are generally used for creating remote access between two computers. Both of these computers (server and client) can be home computers or laptops, or both can be enterprise computers in different organizations. It doesn’t matter. Only one thing is important: the two computers must be connected to the Internet.

Each of the two computers can act as a server or client. Which one is the server and which one is the client is decided by agreement and coordination between their users. However, the software must be installed on both computers. It is also very easy to install.

Each time these applications run, they assign themselves an ID. The user of the client computer only needs to know the ID of the server computer and enter that ID in the text box provided for it. (Of course, some of these programs, such as TeamViewer, also create a password in addition to the ID, in which case the password must also be entered separately on the client computer.)

A request for access is now sent from the client computer to the server computer. The user of the server computer only has to accept this request. That’s it. The client computer user is now connected to the server computer.

These programs are widely used today. Especially in technical support, working without them seems almost impossible. One last tip: these third-party programs are considered remote desktop software. If you are looking for this type of software in a search engine, it is better to enter the phrase “remote desktop software”.

 

VPN Connection 

Virtual Private Networking (VPN) establishes physical connection between the remote client and the server by creating a secure tunnel over the internet. Creating VPN includes the following steps:

  1. The network remote access server must be permanently connected to the Internet. This server must have a fixed and valid public IP address. The VPN role must be installed and configured on this server.
  2. We need to define special user accounts for people who need to connect to the network via VPN.
  3. On the remote client, we must either create a VPN connection or use one of the many VPN connection programs. Either way, we must enter the user account in the VPN connection.
  4. It is time to click on the connect button. If all goes well, the computer will connect to the organization’s internal network.

Now it is as if we are working on our organizational computer, inside the organization’s environment. The VPN software (or VPN connection) creates a tunnel between your remote computer and the office network.

Now we need to clarify a point. There are different types of VPN, because VPN uses many protocols. The VPN type that we consider in this article, which is used in remote access, is called IPsec VPN.

IPsec VPNs are a good option for businesses with a small to medium-sized workforce that needs access to multiple files and systems on the office network. Today, almost all routers, modems, wireless access points, firewalls and operating systems have IPsec VPN capabilities in their settings that we can enable whenever we need to. Security solutions based on IPsec VPN technology have to support all peripheral and central components as well as systems in all remote access environments.

The world of VPNs is huge and doesn’t fit into this post. Fortunately, here is a great post about this protocol and all its variations.

Source: ncp-e.com

 

Microsoft DirectAccess 

DirectAccess, also known as Unified Remote Access, creates an “always on” authenticated, secure, and bidirectional connection at the Operating System level. Users do not need to install any software or launch any programs. Whenever the user’s computer is connected to the Internet, the Windows OS connects in the background to the corporate network. In fact, DirectAccess starts securing the network channel as soon as a client gets on an active Internet connection.

DirectAccess allows remote users to connect to the organization’s network resources without the need for VPN connections. The impact of DirectAccess could be game changing for both IT and end users. DirectAccess is designed exclusively for Windows. It was initially introduced in Windows Server 2008 and Windows 7 Enterprise edition.

DirectAccess has these advantages over most VPN solutions:

  • Active Directory Domain joined client computers connect automatically rather than connections being user initiated
  • Connections seamlessly work through all firewalls
  • Supports offline domain join for clients that have never been on the corporate network
  • Supports selected server access when connected
  • Support for load balancing
  • Supports end to end encryption of the connection

Of course, DirectAccess also has some disadvantages, which include:

  • Clients are required to use either the Ultimate or Enterprise versions of Microsoft’s Operating Systems.
  • Some changes are required on the network. The problem is that DirectAccess was designed with IPv6 as the primary addressing scheme and IPv4 as the secondary one. Most of today’s networks have not yet moved to IPv6 addressing and are still using IPv4 addresses. So, additional pieces of software are required on the LAN so that remote users can access IPv4 addresses.

Read more about Microsoft DirectAccess

Source: kemptechnologies.com

 

Virtual Desktop Infrastructure (VDI)

VDI is another remote access method. We have a special post about VDI that you can read here.

 

 

Security Risks in Remote Access 

There are many security concerns about remote access, which fall into several categories:

  • Remote Access through Home Computers
  • Easy Logins and Passwords
  • Lack of Computer Inspection
  • End Point of a VPN

There are some risks if an employee has remote access to the network via his personal/home computer:

  1. Home and personal computers are usually more prone to infection. Many of these computers lack firewalls as well as anti-malware. If your personal/home computer has been infected, and you’re using it to access your office network remotely, then a hacker could easily install malware onto your business’s computers.
  2. These computers usually use weak passwords or no passwords at all. So, it is a disaster: a computer that has low security (or no security at all) is able to connect to the organization’s network.
  3. There is a lack of physical security controls for these computers.

In addition, there are other concerns:

  1. Many remote access endpoints only require a simple ID and password to log on to your network.
  2. Many remote access software solutions don’t scan the remote computer for viruses or malware.
  3. Remote access communications are carried over untrusted networks.
  4. Anyway, information travels over the public internet. What’s scarier than that?

Source: solidsystemsllc.com

 

 

Solutions to Remote Access Risks 

  • Set up a Firewall and Antivirus
  • Set up an IDS and an IPS
  • Use Multi-Factor Authentication for these communications
  • Use virtual private networks
  • Testing system regularly for vulnerabilities
  • Secure remote access client devices
  • Deleting remote access privileges once they are not needed
  • Preventing Remote Access Risks Long-Term
  • Encrypting data to prevent theft
  • Restricting access to unauthorised users
  • Allowing access to legitimate users but limiting to the minimum services and functions required
  • Reviewing server logs to monitor remote access and any unusual activity
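
The last two items that concern day-to-day operations, reviewing server logs for unusual activity and deleting remote access privileges once they are not needed, can be partly automated. The sketch below is an added example, not taken from any of the sources above; the log line format, the user names and the thresholds are all assumptions made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real product's output.
SAMPLE_LOG = """\
2024-05-01T08:02:11 user=alice src=203.0.113.10 result=success
2024-05-20T02:14:01 user=bob src=198.51.100.7 result=failure
2024-05-20T02:14:09 user=bob src=198.51.100.7 result=failure
2024-05-20T02:14:15 user=bob src=198.51.100.7 result=failure
2024-05-20T02:14:40 user=bob src=198.51.100.7 result=success
2024-05-21T09:00:00 user=carol src=203.0.113.25 result=failure
2024-05-21T09:00:30 user=carol src=203.0.113.25 result=success
"""
LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)")

def parse(log_text):
    """Return (timestamp, user, source, result) tuples in time order; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["result"]))
    return sorted(events)

def review(log_text, granted_users, now, max_failures=3,
           window=timedelta(minutes=10), stale_after=timedelta(days=30)):
    findings = {"repeated_failures": set(), "success_after_failures": set(), "stale_accounts": set()}
    failures = defaultdict(list)   # source address -> failure times inside the window
    last_success = {}              # user -> time of most recent successful logon
    for ts, user, src, result in parse(log_text):
        recent = [t for t in failures[src] if ts - t <= window]
        if result == "failure":
            recent.append(ts)
            if len(recent) >= max_failures:
                findings["repeated_failures"].add(src)
        else:
            if len(recent) >= max_failures:   # logon succeeded right after a burst of failures
                findings["success_after_failures"].add((user, src))
            last_success[user] = ts
        failures[src] = recent
    # Accounts that hold remote access but have not used it recently (or ever).
    for user in granted_users:
        if user not in last_success or now - last_success[user] > stale_after:
            findings["stale_accounts"].add(user)
    return findings
if __name__ == "__main__":
    print(review(SAMPLE_LOG, {"alice", "bob", "carol", "dave"}, datetime(2024, 6, 5)))
```

Accounts reported as stale are candidates for having their remote access removed; a success that follows a burst of failures from the same source deserves a closer look before anything else.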

8-Steps to Secure Your Computer (for personal/ home computer)

 

 

———————————

Sources:

solidsystemsllc.com

ncp-e.com

kemptechnologies.com

searchsecurity.techtarget.com

techopedia.com

techterms.com