Drastic WFH Shifts Now Need to Put Security First: Five Steps to Making that Shift

  • By Emily French
  • on April 29, 2020

As originally published by Ratinder Ahuja on ShieldX’s blog

Many enterprises were faced with making a hairpin turn towards a new work from home (WFH) strategy. Corporations scrambled to beef up their remote access infrastructure to mitigate productivity downtime. For network and security teams, this means a dramatic and overnight shift in network topology as the number of VPN connections increased. Network accessibility was and remains the top priority, but with it comes increased potential for security risks. Given the new environment, what are the key infrastructure concerns for security and infrastructure?

Recall last year's spike in attacks targeting VPN servers, notably spearheaded by nation-state actors, against Palo Alto Networks, Fortinet, Pulse Secure, and Citrix:

  • Palo Alto Networks Security Advisory PAN-SA-2019-0020, in relation to CVE-2019-1579; 
  • FortiGuard Security Advisories FG-IR-18-389, in relation to CVE-2018-13382; FG-IR-18-388, in relation to CVE-2018-13383; FG-IR-18-384, in relation to CVE-2018-13379; 
  • Pulse Secure Security Advisory SA44101, in relation to CVE-2019-11510, CVE-2019-11508, CVE-2019-11540, CVE-2019-11543, CVE-2019-11541, CVE-2019-11542, CVE-2019-11539, CVE-2019-11538, CVE-2019-11509, and CVE-2019-11507; 
  • Citrix Security Advisory CTX267027, in relation to CVE-2019-19781. 

These lead to new ways of bypassing perimeter security controls as attackers get past the VPN and land inside your data center. For further proof, look no further than aerospace giant Airbus, which was hit by a series of attacks targeting VPNs used by airline suppliers to steal sensitive company data.

This is further exacerbated by enabling employees to work from home without the right planning cycles to prepare for such a move. Each of these systems should have been patched last year, when the vulnerabilities were disclosed and the first attacks began hitting organizations. However, with more and more companies needing VPN capabilities to allow workers to log into private corporate systems and perform their responsibilities, IT staff responded by putting up more VPN servers to deal with the surging traffic. Here are five recommendations you should follow:

  1. Fast work and complexity lead to misconfigurations and other basic mistakes. Be mindful of the fact that when setting up new infrastructure overnight, it's possible that typical security processes are bypassed in order to just “get it done”. IT staff now need to reexamine security best practices and pay close attention to the new VPN servers they deployed. Make sure these systems have been patched for vulnerabilities like those listed above, as they are likely to become the most targeted today. 
  2. Avoid shared machines or split tunneling to reduce system infiltration. Inspect the configuration of the VPNs, as oftentimes “split tunnels” are established, where traffic from the remote network destined for the data center and traffic to other destinations on the internet run on the same machine. Such concurrent tunnels interconnect the world to your data center with a single hop that is outside your network and sometimes even outside the infrastructure team's control. 
  3. Preventing perimeter bypassing requires East/West visibility. Interconnectivity of home networks to data centers leads to the risk of bypassing the perimeter. Once this happens, visibility of ongoing progressive penetration deeper into the data center core networks is limited to non-existent. To counter these effects and remain vigilant against attack activities and their progression, utilize segmentation to isolate the systems in your environment where you previously depended on enhanced security controls and hardened perimeters. 
  4. Ensure VPN access aligns with policies. Working from home shouldn’t allow for greater access to internal systems. Increase logging and review SOC threat hunting techniques and procedures. Identify abnormalities in connections, pinpoint large data transfers and failed logins, and monitor for disabled accounts, especially when reducing the workforce. 
  5. Review security best practices with everyone. Now would also be a good time to remind employees and third parties who have access to your network about security best practices. Working from home likely means employees are working on unsecured wireless networks, using personal laptops that are not monitored or secured, and potentially running out-of-date or unpatched software. Many employees may be downloading new applications and Zoom backgrounds, and visiting compromised websites hosting COVID-19 updates. Something as simple as a newsletter covering proper configuration of their wireless routers and the use of WPA or WPA2, the need to keep anti-malware software up to date and systems routinely patched, and caution when visiting websites can help. 
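
The log review described in step 4 can be sketched as follows. This is an added example, not part of the original article or any vendor's tooling: the four-column log layout, the sample records, the disabled-account list and both thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample records; the column layout is an assumption, not a vendor log format.
SAMPLE_LOG = """\
2020-04-29T08:01:12,alice,login_ok,0
2020-04-29T08:02:40,bob,login_fail,0
2020-04-29T08:02:51,bob,login_fail,0
2020-04-29T08:03:05,bob,login_fail,0
2020-04-29T08:03:19,bob,login_fail,0
2020-04-29T08:03:33,bob,login_fail,0
2020-04-29T09:15:00,carol,login_ok,0
2020-04-29T12:40:10,alice,session_end,48000000
2020-04-29T13:05:44,carol,session_end,7300000000
2020-04-29T22:10:02,dave,login_ok,0
"""

DISABLED_ACCOUNTS = {"dave"}   # assumed export from HR or the identity provider
MAX_FAILED_LOGINS = 5          # assumed threshold per user within the reviewed window
MAX_BYTES_OUT = 5 * 1024**3    # assumed threshold: 5 GiB per user within the window


def review_vpn_log(text, disabled=DISABLED_ACCOUNTS):
    """Return a sorted list of (user, finding) tuples for the three checks."""
    failures = Counter()
    bytes_out = defaultdict(int)
    findings = set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue           # skip malformed lines rather than abort the review
        _ts, user, event, size = row
        # Any login attempt on an account that should be disabled is a finding.
        if user in disabled and event in ("login_ok", "login_fail"):
            findings.add((user, f"{event} on disabled account"))
        if event == "login_fail":
            failures[user] += 1
        elif event == "session_end" and size.isdigit():
            bytes_out[user] += int(size)
    for user, count in failures.items():
        if count >= MAX_FAILED_LOGINS:
            findings.add((user, f"{count} failed logins"))
    for user, total in bytes_out.items():
        if total > MAX_BYTES_OUT:
            findings.add((user, f"large transfer: {total} bytes"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review_vpn_log(SAMPLE_LOG):
        print(f"{user}: {finding}")
```

In practice the thresholds would be set from each user's normal baseline rather than fixed constants, and the disabled-account list refreshed whenever accounts are deprovisioned.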
