We’ve recently set up a server that needed to be accessible via Remote Desktop from anywhere, so we had to get a bit more creative with security.
In the modern days of the Internet, security is key. We often see news of data breaches for global corporations, but they’re not the only ones at risk, and ‘Hackers’ don’t need to specifically identify your network to attack it. Bots run constant access tests all over the internet, looking for vulnerabilities and areas they can work their way into. This is quickly evident if you open up a server to the internet and you suddenly receive 15,000 log in attempts in a single day. When you need to do this though, how can you help mitigate the risk?
Let’s get the obvious out of the way first, Use a hardware firewall, and a software firewall, to manage access into your network – Make sure any ports you don’t need are closed by default. Also make sure you have fully up to date Anti-Virus and Anti-Malware programs running on the server itself. One extra option to consider is locking down the access to specific IP addresses, but this only works if you know where you’ll be accessing the server from. If you’ll be on the move a lot or you’re just not always going to be accessing from the same locations this is a bit harder to manage.
Roll out the Two Factor Authentication (2FA).
2FA has been around for a while, but only in the last few years is it being taken on by small to medium businesses as a serious security measure. One of the best things about 2FA is how simple it is to both setup and use. You’ll usually have to subscribe to a third party software company, but that’s not an issue in exchange for peace of mind.
When a user logs in to Remote Desktop they enter their username and their password as normal, but then they are prompted for an access code. These codes are generated by the user’s mobile phone, a different code is generated every time they log in. This means to gain access to the Server you not only need to get past the normal Username and Password security, you need to get past this extra layer as well – which requires the use of the employees mobile phone, which is usually protected by another password.
Saying that, a password can be bypassed, guessed, and hacked – the access code is not so simple. The mobile app generates the code and transmits it to the 2FA Server which knows that if the same user enters the code within X amount of time, they can log in. If they Enter a different code they are rejected and the login fails.
Some 2FA softwares allow you manage the code via text message or phone call as well, so you don’t even have to rely on the app (If you’re still using an unsupported mobile OS like Blackberry for example)
Even if your Server isn’t open to the Internet, Two Factor Authentication is worth considering to make sure your network remains safe and secure.