Tech Support

When VPN is a Vulnerability

Remote Access Software Might be a Better Fit

Using a VPN makes sense for many businesses. It lets remote workers, vendors, and service providers have access to the company's private network from anywhere. Meanwhile, the business maintains some level of control over which applications, documents and resources can be accessed. 

In recent years, VPN usage has been declining. More applications are living in cloud-based infrastructure now, and it's very complex to administer and safeguard a VPN. 

So, what's the right solution for you? Is a VPN good enough, or does your business need a more secure tool to protect sensitive data? This new checklist will help you decide. 

DOWNLOAD THE CHECKLIST

Keep reading this blog post for a discussion of the top VPN vulnerabilities: remote work, IoT devices, and vendor management. 

Remote Work

It's never been harder to maintain a security perimeter. With remote employees and cloud sprawl to consider, most IT teams have moved past the idea of a centralized network where everything is safe. Instead, the goal is to detect unauthorized access quickly and limit horizontal movement in the network  keeping sensitive data protected.

There are countless endpoints that can be exploited these days. Employees who connect through open WiFi are targeted with malware, and even the most vigilant workers can be hit by sophisticated phishing schemes that seek VPN credentials.  

"VPN hacks are often part of highly targeted cyber attacks." ComputerWeekly

It's safe to assume your network can be infiltrated (in fact, it may already have been). Some teams add security layers, VLANs, switches and subnets to keep the most important data in the most secure corners of the network. 

That helps, but it might be easier to limit remote employees' access to the specific resources or applications they need, using a more secure remote access tool.  

Internet-Connected Machines 

IoT devices have become an important threat vector in 2019. While the manufacturing industry gets a lot of attention due to IoT proliferation, digital twins, remote equipment management (REM) etc, companies in every industry are being targeted. 

"SMBs have proven highly vulnerable because they commonly outsource PoS management to third-party solution providers, many of which fail to properly secure the remote access technologies they use to ‘help’ their customers." Tech Target   

Think of all the internet-connected devices that can access your corporate network, either directly or through remote workers:

  • Security cameras
  • HVAC systems
  • PoS terminals
  • Thermostats
  • Printers
  • Lighting systems
  • Industrial machines
  • Kiosks
  • Digital signage
  • Smart speakers
  • Drink or snack machines
  • IoT-enabled appliances

With strong network segmentation, you can keep these systems isolated. But that's complex to administer. 

Remote access software makes sense when connecting to devices that are kept off the main network, or machines that only need infrequent access. 

Vendors and Service Providers

If your business relies on vendors, you face a unique set of risks.

Third parties have become a prime target for cyberattacks. Target found out the hard way in 2013 when it was hacked through an HVAC vendor that had VPN access  one of the most impactful and financially disastrous data breaches ever. The situation has not improved since then.

"MSPs have almost unparalleled access to their clients’ networks, especially in small business. Clients are often completely reliant on the MSP to manage and troubleshoot systems." US-CERT

Of course, knowing that vendors are prime targets for hackers to infiltrate your network, it makes sense to harden access for third parties.

But that approach comes with a lot of headaches. Vendors change users and roles all the time, which is a nightmare to manage via Active Directory  especially when there are multiple vendors. Too often, client companies just give them extra control so they can manage their own access.

christin-hume-505823-unsplash

That isn't a sustainable fix, especially because vendors are often given too much access to the corporate VPN. Usually, a third party only needs to access a specific set of applications, files, devices, servers, or drives.

With a VPN, that's complicated to set up and manage.

With remote access software, it's simple.

Simple is good. It's no secret that IT teams don't have enough skilled employees to keep up with the threats they face. If you can't staff up, use better tech. 

While a VPN has open ports that can be scanned for weaknesses, Netop Remote Control uses outbound-only connections that keep ports invisible. More importantly, you can set granular controls for KVM and file transfer, including MAC / IP filters, application whitelisting, and time of day / location access rules.

Overall, a secure remote access tool like Netop is a lot easier to manage than a VPN, while making access control safer at the same time.

Auditing with Remote Access 

Most VPNs don't have any built-in tools for auditing or session logging. This is another area where remote access software helps. 

Some businesses need an audit trail for regulatory compliance. But there are benefits at a higher level too: those features are critical for troubleshooting, intrusion detection, and forensic analysis when responding to incidents. 

Netop Remote Control includes unalterable audit logging and video session recording, giving IT teams a far more robust feature set than VPN offers. 

More Resources

You can download the VPN vs Remote Access Software checklist here, or join Netop for a free webinar on March 26 to discuss the checklist in more detail. 

REGISTER HERE

Related

March 31, 2014 at 6:04 PM
In "Netop Remote Control", "Best VPN", "device support", "Device VPN", "Greg Griffiths", "IT Survey", "network security", "Network security survey", "Remote support", "Remote Support", "Network Security", "VPN Security", "VPN Substitute", "VPN Survey", "Netop", "Industrial Technology", "Remote Access", "remote control", "Remote control software", "Spiceworks", "Spiceworks survey", "VPN alternative"

Subscribe to Email Updates

OUR LOCATIONS

Birkerød, DK
Portland, OR, US
Bucharest, RO
Manila, PH

Americas: +1 866 725 7833
Worldwide: +45 8987 4424

Our Tweets

RECENT POSTS