We are now living in challenging times due to the COVID-19 outbreak as we work from home, self-isolate, and protect the vulnerable. I must say a big thanks to my employer, Rapid7, for having a robust system that enables working from home. Our IT teams have worked around the clock to expand services for remote workers so that we can continue to deliver value for our customers. Well done, all!
Still, as IT and network security staff around the world hurry to roll out more and more VPN and remote access services, it’s important to recognize that security or operational issues can arise. For example:
Employees and contractors may use personal computers to connect to the workplace. These may be unpatched or contain malware.
Opening ports/services on firewalls may result in unexpected behavior/traffic.
Load balancing may not work as expected. Without visibility as to what is happening, it will be impossible to tell whether certain ingress/egress points are overloaded.
It’s more difficult to spot suspicious users and activity if the number of connections suddenly ramp up. Who is connecting into the network and what are they accessing/downloading?
Don’t lose visibility into what is happening on your network
With the rush to roll out extended remote access services, we need to be careful about not leaving our networks open to attack. A rushed change to open up more connectivity through a firewall could leave a network vulnerable.
Mistakes with firewall changes are not uncommon. I remember working with a customer some time ago who had questions about an inbound network traffic report. Within the report, there was activity reported over TCP port 1433. Clients from a number of countries were trying to connect to MSSQL ..
Support the originator by clicking the read the rest link below.
