Just like many companies in these trying times, we too have asked many of our employees to work from home to protect their health. As a consequence of this decision, our network traffic characteristics have changed dramatically. This change comes with a variety of associated operational and security challenges.
Presumably, many other companies are experiencing the same situation. In this article, we would like to share our experience with three of the most concerning issues we’ve seen.
Though user experience isn’t necessarily our main priority, it was important for us to make sure that all Flowmoners can stay connected and can continue their work comfortably from home.
1. Secure Sufficient VPN Capacity
VPN is the go-to solution for securing remote connectivity. What has changed, however, is that instead of a few remote users, suddenly everyone is connecting, and the VPN wasn’t designed for such capacity. For us, this meant that regular weekday traffic went up ten times the normal amount. For larger companies, this increase can be completely different, but the principles involved may be the same.
- Start by checking the traffic structure: how much capacity you use and need, in terms of the number of concurrent users and bandwidth.
- If you’re running out of licensed users, contact your supplier and see if a license upgrade would help. Many vendors offer support and some sort of courtesy upgrade.
- If you are limited by bandwidth due to insufficient hardware resources, check with your vendor if you can get an upgrade soon.
- Some of you may have an extra server with more resources, and if you are confident enough, you could repurpose it for VPN using, e.g., OpenVPN to access network traffic. Especially in a situation like this, when you are under pressure, pay attention to security and observe best practices, such as enabling two-factor authentication for your VPN.
- As far as your security policy allows, you can configure the client stations to route Internet traffic directly, offloading some VPN capacity, but naturally introducing some security tradeoffs.
- Lastly, instruct your users to refrain from using high-volume services; e.g., YouTube or Netflix.
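The capacity check from the first bullets above, as an added example that is not part of the original article: it sweeps over constructed VPN session records to find the peak number of concurrent users and an estimated peak bandwidth, then compares both with licensed seats and link capacity. The record layout, the function names `peak_usage` and `capacity_report`, and the 80% warning threshold are assumptions; adapt them to your VPN concentrator's accounting export.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample accounting records: (user, connected, disconnected, bytes).
SESSIONS = [
    ("alice", "2020-03-23 08:00", "2020-03-23 12:00", 3_600_000_000),
    ("bob",   "2020-03-23 09:00", "2020-03-23 17:00", 3_600_000_000),
    ("carol", "2020-03-23 09:30", "2020-03-23 11:00", 2_700_000_000),
    ("dave",  "2020-03-23 12:00", "2020-03-23 13:00", 3_600_000_000),
]


def peak_usage(sessions):
    """Sweep over connect/disconnect events; return (peak_users, peak_mbps).

    Bandwidth is an estimate: each session's bytes are spread evenly over
    its duration, so short bursts are smoothed out.
    """
    events = []
    for _user, start, end, nbytes in sessions:
        t0, t1 = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        seconds = (t1 - t0).total_seconds()
        if seconds <= 0:
            continue  # skip malformed or zero-length records
        mbps = nbytes * 8 / seconds / 1e6
        events.append((t0, +1, mbps))
        events.append((t1, -1, -mbps))
    # Process disconnects before connects at the same timestamp so a seat
    # that is freed and reused in the same minute is not counted twice.
    events.sort(key=lambda e: (e[0], e[1]))
    users, rate, peak_users, peak_mbps = 0, 0.0, 0, 0.0
    for _ts, d_users, d_rate in events:
        users += d_users
        rate += d_rate
        peak_users = max(peak_users, users)
        peak_mbps = max(peak_mbps, rate)
    return peak_users, round(peak_mbps, 2)


def capacity_report(sessions, licensed_seats, link_mbps, warn_at=0.8):
    """Compare observed peaks with licensed seats and link bandwidth."""
    peak_users, peak_mbps = peak_usage(sessions)
    return {
        "peak_users": peak_users,
        "peak_mbps": peak_mbps,
        "seats_warning": peak_users / licensed_seats >= warn_at,
        "bandwidth_warning": peak_mbps / link_mbps >= warn_at,
    }
```

With the sample records, `capacity_report(SESSIONS, licensed_seats=10, link_mbps=10)` reports that seats are fine but bandwidth is close to the limit, which points to a hardware or link upgrade rather than a license upgrade.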
2. Manage Uplink Utilization
Depending on how you configured the VPN, you’ll see either an increase or a drop in Internet uplink utilization. At Flowmon, we use many cloud-delivered apps (Google Suite, Salesforce, etc.), which users access directly from home. This meant that our company Internet uplink utilization went down. In fact, many of our users do not need VPN access at all. This is an advantage of being a modern, cloud-enabled company.
However, should your users utilize the uplink more than usual because they access on-premises services, liaise with your ISP. Many are generously offering temporary upgrades at this time. In addition, you can always restrict the services you allow to be used, for instance by blocking streaming apps. Given the tendency to overscale uplinks, this may not be a problem for most organizations.
3. Minimize Risks Introduced by Personal Assets
Allowing your employees to work on their personal devices from home raises some serious security concerns. Usually, you have no control over these devices, and security policies become hard to enforce. If this applies to you, consider the following suggestions:
- Monitor traffic properly - no change here. You should do normal day-to-day monitoring the way you are used to, but with special attention to VPN hosts and VPN traffic. As many times in the past, threat actors can be very creative when it comes to exploiting global social issues. A malware called Emotet has been using the global emergency to find new victims. So, in addition to taking care of our health, it pays off to be watchful in the cyber world, too: monitor indicators of compromise and anomalies, and avoid cybersecurity risks.
- Restrict access and isolate users - allow users to access only the data and services they need in their role. In case of privilege escalation by some malware, you’ll be able to minimize the impact. Again, if you are running on SaaS applications, this should not be a problem.
- Look for other ways of securing communication. One option would be to use terminal services, where the user connects from the unsecured personal device over VPN to, let’s say, a Windows server via RDP. This server is under your control and secure. The remote desktop might not be the best from the user experience perspective, but it is much less risky and quite straightforward to set up and use.
Summary
These are some best practice suggestions based on our experience. We hope you found them useful.
If you need assistance adjusting to the changes that are impacting you, contact support at support@flowmon.com.
Further resources:
- How-to guide: "Work from home: How Flowmon Can Help You Control Your Network" by Klaudyna Busza-Kujawska, Senior Presales Engineer
- Blog: "Validate indicators of compromise in your network" by Pavel Minarik, CTO