Securing SMA Services
I'm currently doing some research on the use of VPN/RAS/SMA solutions & services, particularly with the current prevalence of home working. I'm really keen to put some security-related questions out there and hear your thoughts and ideas please, and lastly to challenge you to think about your own plans for responding to a cyber attack:
What do you think the most likely form of cyber attack on your public-facing SMA/RAS/VPN services might be?
Are you able to list all main forms of attack there might be, and do you have a plan in place for each?
Have you tested these plans?
How quickly do you feel you might be able to respond on any given day to the attack?
How confident are you that your chosen monitoring approach would reveal a compromise for a service in your care?
What else should you be asking myself in terms of securing these services?
I really welcome your thoughts and comments.
Well, I really like the way you think!
What I can say is this:
We limit the use of VPNs to executives (laptops) and use 2FA to ensure tight authentication. We prefer people to "Take Control" of the likes of a "Terminal Session" or of their own machines so they don't need an actual VPN with any full LAN access.
We ensure resilience with imaging backup schemes offsite. (Fortunately we have never had to use them to date).
We discourage BYOD and personal devices for Remote Access. If they are to be used then we insist on being able to deploy our endpoint security.
We encourage the use of Thin Mobile Clients.
So I guess keeping it as tight as possible is key. We still believe in on-premise perimeter security although we are exploring other options.
Despite our efforts to do full integration of AD and TS agents, the lack of SonicWALL's ability to do timestamped IDENTIFICATION of DEVICES and USERS in its UTM/NSM/GMS reporting is disturbing us, however... so your questions below play to that.
- "How quickly do you feel you might be able to respond on any given day to the attack?
How confident are you that your chosen monitoring approach would reveal a compromise for a service in your care?"
I should also say that the SMA has been a great remote access solution for us and we use a single virtual appliance for many of our customers.