How do you ensure that your remote access is secure? Do you consider your servers protected as long as you have in place a virtual private network (VPN), virtual desktop infrastructure (VDI), Azure Virtual Desktop, desktop-as-a-service (DaaS), VDI-as-a-service (VDIaaS), or other forms of secure jump hosts?
There is a misconception that having a secured intermediary is adequate to shield your servers from threats. Unfortunately, this alone does not guarantee secure remote access – what’s missing is a clean source.
Remote access Trojans can go beyond keylogging and screen scraping and seize control of your endpoint. When I was a supporting judge for the 2004 BlackOPS: HackAttack challenge in Singapore, I watched in real time as a team took control of an opponent’s machine.
But more recently, the city-state faced the proliferation of a more worrying threat: banking Trojans – in the form of Android malware – causing customers to lose their savings, amounting to millions of dollars. This truly highlights a very real risk of not having a clean source.
If an organisation exposes its privileged access to remote users, then VPNs, multifactor authentication, secure jump hosts, sudo, network intrusion prevention and detection systems, and web application firewalls are all inadequate without a clean source.
The clean source principle requires all security dependencies to be as trustworthy as the object being secured. This starts with ensuring that the endpoint is secured to specification, including the operating system version, security baseline configuration, and other requirements.
In many solutions, this is often referred to as host validation or host checks. If you are using Microsoft, this can be achieved by implementing Conditional Access.
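To make the principle concrete, here is an added Python example (not code from this article or from any product) that combines a host check with a clean source check over the whole access path. The trust levels, policy values, device names and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values for illustration; not taken from any vendor baseline.
MIN_OS_VERSION = (10, 0, 22631)
REQUIRED_CONTROLS = {"disk_encryption", "edr_running", "host_firewall"}

@dataclass
class Endpoint:
    name: str
    os_version: tuple
    controls: set = field(default_factory=set)  # baseline controls reported as active
    assurance: int = 0                          # trust level assigned to this device class

def host_check(ep):
    """Host validation: return posture failures (empty list = endpoint meets the specification)."""
    failures = []
    if ep.os_version < MIN_OS_VERSION:
        failures.append("os_version below minimum")
    for control in sorted(REQUIRED_CONTROLS - ep.controls):
        failures.append(f"baseline control missing: {control}")
    return failures

def evaluate_access(ep, intermediaries, target_trust):
    """Clean source check over the whole path: the endpoint plus every intermediary.

    intermediaries: list of (name, trust) for the VPN, jump host, VDI and so on.
    Returns (allowed, reasons).
    """
    reasons = host_check(ep)
    # A device that fails validation contributes no trust, whatever its class.
    endpoint_trust = 0 if reasons else ep.assurance
    for name, trust in [(ep.name, endpoint_trust)] + list(intermediaries):
        if trust < target_trust:
            reasons.append(f"{name}: trust {trust} < target {target_trust}")
    return (not reasons, reasons)

# Constructed scenario: the same hardened VPN and VDI, reached from two different sources.
PATH = [("vpn-gateway", 3), ("vdi-jump-host", 3)]
personal = Endpoint("personal-laptop", (10, 0, 19045), {"host_firewall"}, assurance=1)
admin_ws = Endpoint("admin-workstation", (10, 0, 22631), set(REQUIRED_CONTROLS), assurance=3)

if __name__ == "__main__":
    for ep in (personal, admin_ws):
        allowed, reasons = evaluate_access(ep, PATH, target_trust=3)
        print(ep.name, "ALLOW" if allowed else "DENY", reasons)
```

The intermediaries are identical in both cases; only the source differs, and that alone decides the outcome.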
So, the next time someone tells you that DaaS or VDIaaS is adequate for your administrator to protect his access to an important system, communicate the risks and highlight the importance of applying the clean source principle in a zero trust strategy.