JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Lock Down Remote Systems



Systems — whether they’re Mac®, Windows®, or Linux® machines — serve as the conduit between users and critical and confidential IT resources.

Systems must be secure and they must perform well, but these tasks likely pose a greater challenge now that many IT organizations around the world have shifted to a remote work scenario. IT admins must identify strategies to harden, configure, and troubleshoot systems without being physically present to do so.

A secure system has various configurations to guard against identity compromise, phishing and other social engineering attacks, and malware. It’s also protected with multi-factor authentication (MFA) and able to return key data about access and activity.

IT admins should ensure the following elements are in place as they lock down each remote system:

Up-To-Date OS & Applications

Admins should ensure that each system’s OS is up-to-date, both for security’s sake and for continued compatibility with software and other resources. They should also strategize about how they will remotely deploy patches and quickly address zero-day vulnerabilities, should they arise — including addressing whether and when users will be allowed to install updates themselves.

Anti-Malware/Anti-Virus Software

Anti-malware/anti-virus software alone can’t protect a remote system, but it’s an important and, typically, economical part of the puzzle. Paired with user education about recognizing phishing and other attacks, this software helps protect systems against threats lurking in emails and applications.

Anti-Phishing Technology

Several system-specific tools guard against phishing attacks, including system-based password management. If users are empowered and able to update their core credentials directly from their workstations — from the toolbar for Mac and using CTRL+ALT+DEL for Windows — they’ll be less likely to submit password tickets or click phishing emails. They’ll also be less vulnerable to any sort of browser-based attack.

Multi-factor authentication (MFA) across access points also prevents most attempts to use stolen credentials gained via phishing.

Secure Configurations

Various security configurations protect systems, such as restrictions on administrator privileges, limits on system preferences/control panel changes, and requirements for password length and complexity.

Generally, these configurations ensure user activity on their system is limited to necessary work functions. They can also be used remotely — such as temporarily granting administrator privileges — to enable users to take actions with guidance from IT staff that IT would normally handle. Other configurations, like MFA and full disk encryption (FDE), further protect systems and data.

Compliance & Audit Information

With comprehensive system monitoring, admins can verify the above configurations are in place on each machine without sitting directly in front of it. They can also record and report this information for regulatory compliance and auditing requirements. They can, for example, demonstrate which users can access each system, when each system has last been rebooted, and identify which networks systems are using.

Admins will also need a strategy to implement each of these configurations remotely. Ideally, they can select a platform-agnostic solution that works for all machines in their fleets, rather than selecting OS-specific or piecemeal options. Interested in learning more about a comprehensive system management plan? Check out this interactive checklist to prepare devices for remote work.


Recent Posts
Samba file servers are a popular option when considering file storage. So IT admins are focusing on LDAP authentication for Samba file servers.

Blog

LDAP Authentication for Samba File Servers

Samba file servers are a popular option when considering file storage. So IT admins are focusing on LDAP authentication for Samba file servers.

Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service. Try one here for free.

Blog

Integrating AWS Client VPN into Your IT Environment

Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service. Try one here for free.

We’re launching JumpCloud University, a free education platform to help you get the most out of your directory. Try JumpCloud free today.

Blog

JumpCloud University: Our Approach to Education

We’re launching JumpCloud University, a free education platform to help you get the most out of your directory. Try JumpCloud free today.