Systems providing remote access and session recording enable efficient and secure collaboration with external vendors. With such systems, subcontractors can be granted access to internal server resources and IT systems in an easy yet controlled manner. The platforms external vendors most commonly connect to include Windows Server systems, Linux, Unix, network devices, HTTPS administrative interfaces, and various types of OT systems. Ensuring security and the ability to audit that access are the essential challenges of managing it.
- Systems enabling remote access should provide mechanisms that reduce the risk of security incidents: session recording, password protection, and activity logging.
- A significant aspect that enhances the security of remote access is the ability to monitor the work performed by contractors in real time and collaborate within a single session.
- Security elements must not compromise the functionality and speed of the tools.
- The universality of the solution and support for a wide range of communication protocols (RDP, SSH, Telnet, HTTP/HTTPS, VNC) help reduce costs and tighten access processes.
Remote access security
In an era in which organizations use an increasing number of systems, their maintenance is often outsourced to external entities. Most service and support tasks are carried out by independent subcontractors. This is a convenient and fast way to ensure proper technical support for IT systems. Unfortunately, if such access is managed improperly, it increases the risk of security incidents. These incidents can arise from various causes: software errors, incorrect configuration that could be exploited to gain unauthorized access to machines, intentional misuse of remote access by third parties, or simply user carelessness. The key task is therefore to build a remote access and session recording system that addresses every aspect affecting its security: architecture, permissions, and subsequent auditing.
The architecture should minimize the potential attack surface, for example, by utilizing the least number of communication ports, securing access to isolated networks, and ensuring encrypted communication during sessions. The system itself should provide access security, such as implementing multi-factor authentication (2FA/MFA) and network restrictions for the administrative interface. The ability to customize the system according to the user’s needs is also important, as some entities, for formal reasons, exclude cloud services and require the entire system to operate in the ordering party’s infrastructure.
The security of privileged credentials is one of the key issues in the IT domain and is not limited to remote access. External vendors often need to perform tasks that require administrator privileges. Explicitly handing out privileged credentials significantly increases the risk. In such cases, the best solution is to keep subcontractors from ever learning the privileged account password and have the system inject the credentials automatically when the user logs in to the remote resource.
Another significant step is to eliminate the use of privileged accounts altogether. Instead, it is recommended to use standard accounts with low privileges, selectively elevating permissions for precisely defined tasks performed by subcontractors. PEDM/EPM (Privilege Elevation and Delegation Management) systems are used for this purpose. Precisely regulated privileges make it possible to create the roles needed to secure organizational processes. By establishing detailed permissions, contractors can only connect to defined resources, and during the session they are provided only with tools approved by the security department. For example, they may be prohibited from copying files or synchronizing the clipboard.
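The two preceding paragraphs describe a broker that (a) never reveals the privileged password to the contractor and (b) lets a role grant only named resources, protocols and in-session capabilities. The following Python is an added illustration of that policy logic, not code from the article or from any product it describes; the role names, hostnames, vault contents and event field names are constructed placeholders.

```python
"""Illustrative policy broker for vendor remote access.

Added example, not code from the article or a product it describes. It models
two ideas from the text: the contractor never learns the privileged password
(the broker injects it from a vault), and a role grants only approved
resources, protocols and in-session tools. Hostnames and secrets below are
constructed placeholders."""
from dataclasses import dataclass, field
import secrets

# In-session capabilities that the security department can approve per role.
CAPABILITIES = frozenset({"clipboard", "file_upload", "file_download"})

# Constructed stand-in for a credential vault. In practice the broker queries a
# PAM vault at connect time; the contractor's client never sees these values.
_VAULT = {
    "db01.internal.example": ("svc_dba", "placeholder-vault-secret-1"),
    "erp01.internal.example": ("svc_erp", "placeholder-vault-secret-2"),
}

@dataclass(frozen=True)
class Role:
    resources: frozenset             # hostnames the role may reach
    protocols: frozenset             # protocols permitted for those hosts
    capabilities: frozenset          # subset of CAPABILITIES approved for the role
    requires_approval: bool = False  # session needs manual approval first

@dataclass
class Decision:
    allowed: bool
    granted: frozenset = frozenset()  # capabilities actually enabled
    reasons: list = field(default_factory=list)

# Constructed sample roles: the DB vendor gets SSH to one host, clipboard only,
# and every session must be approved; the ERP vendor may also upload files.
ROLES = {
    "db-vendor": Role(frozenset({"db01.internal.example"}), frozenset({"ssh"}),
                      frozenset({"clipboard"}), requires_approval=True),
    "erp-vendor": Role(frozenset({"erp01.internal.example"}),
                       frozenset({"rdp", "https"}),
                       frozenset({"clipboard", "file_upload"})),
}

def authorize(role_name, resource, protocol, requested, approved=False):
    """Deny on resource, protocol or missing approval; otherwise grant only
    the requested capabilities that the role approves (default deny)."""
    role = ROLES.get(role_name)
    if role is None:
        return Decision(False, reasons=[f"unknown role {role_name!r}"])
    reasons = []
    if resource not in role.resources:
        reasons.append(f"resource {resource} not assigned to role")
    if protocol not in role.protocols:
        reasons.append(f"protocol {protocol} not permitted for role")
    if role.requires_approval and not approved:
        reasons.append("manual approval required before session start")
    if reasons:
        return Decision(False, reasons=reasons)
    requested = frozenset(requested)
    granted = requested & role.capabilities
    for cap in sorted(requested - granted):
        reasons.append(f"capability {cap} stripped: not approved for role")
    return Decision(True, granted, reasons)

def start_session(role_name, resource, protocol, requested, approved=False):
    """Return (vendor_view, broker_view) or (None, None) when denied.
    Only the broker view carries the credential to be injected."""
    decision = authorize(role_name, resource, protocol, requested, approved)
    if not decision.allowed:
        return None, None
    session_id = secrets.token_hex(8)
    vendor_view = {"session_id": session_id, "target": resource,
                   "protocol": protocol, "capabilities": sorted(decision.granted)}
    user, password = _VAULT[resource]
    broker_view = {"session_id": session_id, "inject_user": user,
                   "inject_password": password}
    return vendor_view, broker_view

if __name__ == "__main__":
    vendor, broker = start_session("erp-vendor", "erp01.internal.example", "rdp",
                                   ["clipboard", "file_download"])
    print("vendor sees:", vendor)
    print("broker injects as:", broker["inject_user"])
```

The split into a vendor view and a broker view is the point: the credential lives only on the broker side of the session, and whatever the contractor's client receives contains no secret. Capability stripping is logged in `reasons` so the audit trail records what was requested as well as what was granted.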
Audit and registration of sessions
Recording the sessions conducted by external vendors is one of the key features a remote access system should possess. Detailed session logs and recordings allow for later auditing and obtaining information about the tasks performed. These functions become particularly important when investigating the cause of system malfunctions resulting from earlier incorrect configuration. In addition to the benefits associated with accountability, such recordings can be used to build knowledge bases and provide training for administrators. Interestingly, many users of such systems also notice an improvement in the quality of work performed: service technicians and administrators, knowing that sessions are being recorded, take more thoughtful and less risky configuration steps.
- Session recording should be centrally managed, meaning that the initiation of session recording should be independent of the subcontractor, and the recordings themselves should be stored within the client’s environment.
- Logging session data is particularly important when statistical information is needed to hold the external vendor accountable for their work: for example, the number of sessions and their duration within a specified period, or which files the contractor copied to the machines they connected to.
- Real-time collaboration and communication through chat with the subcontractor are valuable features when cooperation is needed to solve problems or carry out service work. All chat communication should also be recorded and accessible in the logs associated with the conducted session, allowing for content analysis.
- Notifications and an optional access request approval process add a step to the session establishment process for external entities accessing resources. With this functionality, internal administrators or the security department always know when and why connections are made to critical resources. The tool can be configured so that manual access approval is enforced before the subcontractor can initiate a remote session.
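The list above asks for two things from session logs: accountability statistics per vendor (session counts, durations, files copied) and assurance that sessions to critical resources only start after approval. The Python below is an added example, not code from the article or any product it describes, showing how both can be derived from a session recorder's event log. The JSON-lines format, field names, hostnames and file paths are constructed assumptions; a real recorder's export will differ.

```python
"""Accountability report and approval check from vendor session logs.

Added example, not code from the article or a product it describes. It reads
constructed JSON-lines events of the kind a session recorder might emit
(approval, session_start, file_transfer, session_end) and produces per-vendor
statistics plus the sessions to critical hosts that started without a prior
approval. All field names, hosts and paths are assumptions."""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample log. Session s3 reaches a critical host with no approval
# event and has no end event yet (still open, or the export was cut).
SAMPLE_LOG = """\
{"ts":"2024-03-04T09:00:00Z","event":"approval","session":"s1","vendor":"dbvendor","approver":"secops"}
{"ts":"2024-03-04T09:05:00Z","event":"session_start","session":"s1","vendor":"dbvendor","target":"db01.internal.example","protocol":"ssh"}
{"ts":"2024-03-04T09:20:00Z","event":"file_transfer","session":"s1","vendor":"dbvendor","direction":"upload","path":"/tmp/patch.sql"}
{"ts":"2024-03-04T09:45:00Z","event":"session_end","session":"s1","vendor":"dbvendor"}
{"ts":"2024-03-04T13:00:00Z","event":"session_start","session":"s2","vendor":"erpvendor","target":"erp01.internal.example","protocol":"rdp"}
{"ts":"2024-03-04T13:10:00Z","event":"file_transfer","session":"s2","vendor":"erpvendor","direction":"upload","path":"/opt/erp/hotfix.bin"}
{"ts":"2024-03-04T13:12:00Z","event":"file_transfer","session":"s2","vendor":"erpvendor","direction":"download","path":"/srv/export/customers.csv"}
{"ts":"2024-03-04T14:00:00Z","event":"session_end","session":"s2","vendor":"erpvendor"}
{"ts":"2024-03-05T08:00:00Z","event":"session_start","session":"s3","vendor":"dbvendor","target":"db01.internal.example","protocol":"ssh"}
"""

def _ts(value):
    """Accept an ISO 8601 UTC string or a datetime."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def parse_events(text):
    """Parse JSON lines into event dicts, ordered by timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = _ts(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def build_sessions(events):
    """Fold events into one record per session id."""
    sessions = {}
    for ev in events:
        s = sessions.setdefault(ev["session"], {
            "vendor": ev["vendor"], "target": None, "start": None, "end": None,
            "approved": False, "uploads": [], "downloads": []})
        kind = ev["event"]
        if kind == "approval":
            # Only an approval recorded before the session started counts;
            # a late approval must not retroactively whitewash the session.
            if s["start"] is None:
                s["approved"] = True
        elif kind == "session_start":
            s["start"], s["target"] = ev["ts"], ev["target"]
        elif kind == "session_end":
            s["end"] = ev["ts"]
        elif kind == "file_transfer":
            key = "uploads" if ev["direction"] == "upload" else "downloads"
            s[key].append(ev["path"])
    return sessions

def vendor_report(sessions, since=None, until=None):
    """Per-vendor session count, total minutes, open sessions and files moved,
    restricted to sessions that started within [since, until]."""
    since, until = (_ts(since) if since else None), (_ts(until) if until else None)
    report = defaultdict(lambda: {"sessions": 0, "minutes": 0, "open": 0,
                                  "uploads": [], "downloads": []})
    for s in sessions.values():
        if s["start"] is None:
            continue
        if (since and s["start"] < since) or (until and s["start"] > until):
            continue
        r = report[s["vendor"]]
        r["sessions"] += 1
        if s["end"] is None:
            r["open"] += 1  # duration unknown: report it rather than guess
        else:
            r["minutes"] += int((s["end"] - s["start"]).total_seconds() // 60)
        r["uploads"] += s["uploads"]
        r["downloads"] += s["downloads"]
    return dict(report)

def unapproved_critical(sessions, critical_hosts):
    """Session ids that reached a critical host without a prior approval."""
    return sorted(sid for sid, s in sessions.items()
                  if s["start"] and s["target"] in critical_hosts and not s["approved"])

if __name__ == "__main__":
    sessions = build_sessions(parse_events(SAMPLE_LOG))
    print(json.dumps(vendor_report(sessions), indent=2))
    print("unapproved sessions to critical hosts:",
          unapproved_critical(sessions, {"db01.internal.example"}))
```

Two details matter for an audit. An approval is only credited when it precedes the session start, so a request approved after the fact still shows up in the unapproved list. Sessions without an end event are counted separately as `open` instead of being assigned a guessed duration, so the minutes figure only reflects what the log actually proves.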