How we enable safe remote access

Like many IT companies, Tenacity had to enable remote access last year, almost overnight, for all our customers who didn't already have it. And I'm pleased to say that we managed this sudden requirement very well indeed. Within a matter of weeks, every customer across both Tenacity and our sister company had been given secure remote access to their networks. How did we achieve this?

Well, at Tenacity we believe that the best kind of remote access is via VPN (virtual private network). Other quick methods of remote access such as LogMeIn, TeamViewer, Splashtop, GoToMyPC, etc. have their place, but they do have some downsides:


1. They tend not to be based in the UK, so they may or may not comply with the requirements of GDPR. You can research their websites to find out about this; see the trust, privacy and security pages.


2. Whilst many of these companies now do have MFA/2FA capability on the accounts (a text verification on login), this does not tend to be the default, potentially leaving the account open to hacking.


3. These systems usually allow users to save the login passwords to Windows, which weakens another layer of security.


4. The performance of these systems can sometimes be poor, as there are multiple links to the remote PCs - the connection is not "direct".


5. These remote access tools do not usually link into a Windows domain or your Active Directory infrastructure (and SSO, single sign-on), so these accounts sit outside of your corporate network. It would be easy to lose track of who has what access, especially when people leave the business.


6. The type of access these systems set up means that you are usually connecting to what is called the "console session" on the work PC. Unless you are able to blank this screen, you are looking at the same screen as someone at the site, which is potentially a significant confidentiality problem.


What's so good about VPN? Well, mainstream VPN technologies use the highest possible levels of encryption and are virtually impossible to crack. They operate entirely on your machines and your network without any third-party involvement. Once connected via VPN, you can either directly access files or application databases on the server, connect to an RDS (remote desktop) server, or connect to individual workstations via RDS (which does not suffer from the confidentiality problem above). Depending on the customer's setup, their budget, their requirements and their Internet bandwidth, we can advise which type of solution is best for them. There are multiple types of VPN; we mainly work with OpenSSL VPN or IPsec technologies, but there are more.

How were we able to implement VPN so quickly at the start of the COVID-19 pandemic? Well, every network Tenacity has ever built already comes with a proper hardware firewall, that is, a machine that sits at the perimeter of your network, between your Internet modem or router and the rest of the network. These firewalls are NOT like the "software" firewalls on each computer; each is a dedicated device that monitors and blocks unwanted traffic coming into or out of your network, and looks for, detects, and blocks unwanted intrusions of any kind, or hacking attempts. These devices also have VPN capability, so depending on your requirements, if you already have a hardware firewall, basic remote access capability can be enabled really quite quickly.

© Liam McNaughton, Tenacity, July 2021
