Secure Configuration for Remote Devices

Secure configuration is an important element of any good Information Security Programme. Some elements of secure configuration matter more when protecting devices that will be used remotely and off the corporate network, primarily because the attack surface changes and the level of risk increases.

In this post we summarise, at a high level, what we feel are the most important elements of Secure Configuration to implement when introducing remote working. These pieces of configuration should be implemented as part of a comprehensive Information Security system.

  1. Device Encryption
    As mentioned in our article about the Top Risks Introduced by Remote Working, lost and stolen devices are one of the main reasons organisations report data breaches to the UK Information Commissioner's Office (ICO). Ensuring your mobile devices, including laptops, USB storage, mobile phones etc., are encrypted is critical to protecting your organisation's data. If a laptop with strong encryption configured is subsequently lost or stolen, there is a significant reduction in the chance that a third party could access your data. Specific encryption instructions can usually be obtained from your device manufacturer or from the links below.

    Windows based devices – https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
    Apple based devices – https://support.apple.com/en-us/HT204837

  2. Firewall Configuration
    When users work remotely, the perimeter of your security and control suddenly shifts from your office network to the device itself. For example, when a user connects to their home network, you have no control over the configuration of that network or the devices connected to it, so the focus of your security needs to shift to the device itself.

    Ensuring the firewall is configured correctly on both Windows and Mac devices is very important. As a minimum we would recommend changing away from default firewall settings and ensuring that all inbound traffic to a device is blocked. To take this a step further you could also enforce strict outbound firewall controls that allow traffic to authorised services only. Device firewall settings should be configured as standard, but from experience we know this is an area that is often overlooked.

    Having inbound services exposed due to a poorly configured firewall can have a number of implications, including exposed Remote Desktop Sessions (just like the ones in the top image) and SMB services, which are frequently targeted by cyber criminals.

  3. Enforce Strong Passwords
    Strong passwords should be enforced by policy across all of your devices at all times. We would recommend that all default passwords are changed as a minimum and strong password policies are enforced across all devices, including laptops, mobile phones and tablets. If possible we would also recommend using a Password Manager.

    User education when setting passwords is key and the NCSC has published some great advice on choosing strong passwords. This is particularly key if you're not in a position to enforce password policies.
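To check the first two items on a Windows laptop, the following read-only audit is an added example and not part of the original article. It assumes Windows 10/11 Pro or Enterprise (for the BitLocker cmdlets) and an elevated PowerShell prompt; the watched port list is our own choice, taken from the RDP and SMB services mentioned above.

```powershell
# Added example: read-only audit of device encryption and firewall posture.
# Run from an elevated PowerShell prompt. It reports findings and changes nothing.
$findings = @()

# 1. Device encryption: the OS volume should be fully encrypted with protection on.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
    $findings += "BitLocker on $($vol.MountPoint): protection=$($vol.ProtectionStatus), status=$($vol.VolumeStatus)"
}

# 2. Firewall: every profile should be enabled and block inbound traffic by default.
#    ActiveStore returns the effective settings after Group Policy/MDM is merged in.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True') {
        $findings += "Firewall profile '$($p.Name)' is not enabled"
    }
    if ($p.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile '$($p.Name)' default inbound action is $($p.DefaultInboundAction)"
    }
}

# Enabled inbound allow rules that open RDP (3389) or SMB (445).
# Assumption: only exact port matches are reported; port ranges and 'Any' are not expanded.
$watched = '3389', '445'
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow
foreach ($rule in $rules) {
    $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
    foreach ($port in $ports) {
        if ($watched -contains $port) {
            $findings += "Inbound allow rule '$($rule.DisplayName)' opens port $port (profiles: $($rule.Profile))"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: OS volume encrypted, firewall enabled and blocking inbound, no RDP/SMB allow rules.'
} else {
    Write-Output "REVIEW: $($findings.Count) finding(s)"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

A profile that fails the inbound check can be corrected with `Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block`, ideally pushed through Group Policy or MDM rather than set by hand on each device.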

For organisations that are looking for a more comprehensive approach to Secure Configuration, Microsoft offer a set of Windows Security Baselines and the Center for Internet Security offer a range of baselines for other operating systems, including Windows.

Summary

These three elements are critical components of a well-rounded information security strategy and they should be a prime focus when introducing remote working. We hope you found this article useful. If you would like any assistance or have any questions, please feel free to get in touch with us.