With more and more employees working remotely VPN Security is a huge concern. Businesses have traditionally used virtual private network (VPN) technology to enable this remote connectivity, but security concerns are requiring companies to leverage new ways of enabling secure file remote access by reviewing VPN Alternatives. The news if rife with daily stories of companies subjected to ever increasing security risks. For example the Krebsonsecurity blog list numerous reports of ransomeware shutting down governments and institutions.
The problem with utilizing VPN software to connect to work resources is that end users are creating an open tunnel between their home and corporate networks. This method allows full remote access to the entire work network from outside the office, bypassing most firewall rules (the VPN connection is technically initiated from inside the work LAN). In most cases, the entire corporate network is accessible to the remote worker, exposing all servers and desktops rather than just the resources needed.
In this scenario, any security vulnerability or malware present on the remote worker’s computer and network can infect the work network for the duration of the VPN connection. This includes viruses. For example, if the remote PC has a nasty virus, it can spread across the VPN to the corporate network and could bypass work firewall protections. In addition, if the remote PC is compromised, it could be used as a conduit directly into the office LAN where hackers can exploit vulnerabilities to gain unauthorized systems access.
To reduce exposure to the corporate network, VPN users should be prevented from opening a VPN session to the corporate office (especially from unmanaged home PCs). The connection should be locked down to only what the teleworker needs to access to and prevented from leaving the connection established when not in use. Furthermore, Network Access Protection (NAP) technologies should be enabled on the VPN access point to prevent access from PCs without a firewall and current antivirus protection enabled.
Example of a VPN User Scenario
A remote teleworker is connected to the VPN from their home PC and gets infected by Cryptolocker. At the time of infection, they happened to be mapped to a corporate network drive. Perhaps they pay the ransom or perhaps not (maybe they don’t because they have backups of the work on their own home machine). The timer lapses and the teleworker runs a malware cleaner to remove the infection. They’re relieved but unaware that they’ve encrypted several files on our network drive due to the original infection. They don’t think to inform the IT department because it’s an issue with their home PC and not “work-related.”
A few weeks pass and other workers discover that a file on the network drive won’t open. They flag it to the IT department. The IT team restore the file from backup, but unfortunately, it turns out that only encrypted files have been backed up for the past 4 weeks… So the company has now lost the data as a result.
This situation could become exponentially worse, as thousands of network files could be encrypted and the business would never know until somebody tries to open them and is unable to do so because of the infection. Clearly using VPN’s to access files with no protection or intelligence is unsupportable and has become high risk for any enterprise.
MyWorkDrive as a VPN Alternative
MyWorkDrive alleviates these security issues and complexities because only a single port (SSL Port 443) is exposed to the remote worker’s PC and network—all other connections are blocked. This greatly reduces the surface area for attack by virus infections and hackers. In addition, MyWorkDrive allows administrators to add two-factor authentication for improved VPN Security using our DUO.com integration.
Users can still map network drives using our own Mapped Drive or Mobile clients or access files using our Web File Access client—this enables the same user experience they have to come to expect when in the office. Additionally, threats such as Cryptolocker viruses, which typically rely on Windows file shares (SMB) to encrypt files, are prevented– since no Windows File Shares are exposed VPN Security is improved. Administrators may also enable file extension blocking or only allow approved file types to further secure file access along with administrative alerts that will notify them when user changes to files exceed set thresholds.
Contact us today to get started setting up a secure vpn alternative remote access solution with MyWorkDrive – https://www.myworkdrive.com
© Copyright Wanpath LLC. dba MyWorkDrive, All Rights Reserved