Webinar: Learn how to improve WFH security in our Sept. 29 webinar with a former General Electric CIO & an industry analyst Register today

Lock Down Remote Systems




Systems — whether they’re Mac®, Windows®, or Linux® machines — serve as the conduit between users and critical and confidential IT resources.

Systems must be secure and they must perform well, but these tasks likely pose a greater challenge now that many IT organizations around the world have shifted to a remote work scenario. IT admins must identify strategies to harden, configure, and troubleshoot systems without being physically present to do so.

A secure system has various configurations to guard against identity compromise, phishing and other social engineering attacks, and malware. It’s also protected with multi-factor authentication (MFA) and able to return key data about access and activity.

IT admins should ensure the following elements are in place as they lock down each remote system:

Up-To-Date OS & Applications

Admins should ensure that each system’s OS is up-to-date, both for security’s sake and for continued compatibility with software and other resources. They should also strategize about how they will remotely deploy patches and quickly address zero-day vulnerabilities, should they arise — including addressing whether and when users will be allowed to install updates themselves.

Anti-Malware/Anti-Virus Software

Anti-malware/anti-virus software alone can’t protect a remote system, but it’s an important and, typically, economical part of the puzzle. Paired with user education about recognizing phishing and other attacks, this software helps protect systems against threats lurking in emails and applications.

Anti-Phishing Technology

Several system-specific tools guard against phishing attacks, including system-based password management. If users are empowered and able to update their core credentials directly from their workstations — from the toolbar for Mac and using CTRL+ALT+DEL for Windows — they’ll be less likely to submit password tickets or click phishing emails. They’ll also be less vulnerable to any sort of browser-based attack.

Multi-factor authentication (MFA) across access points also prevents most attempts to use stolen credentials gained via phishing.

Secure Configurations

Various security configurations protect systems, such as restrictions on administrator privileges, limits on system preferences/control panel changes, and requirements for password length and complexity.

Generally, these configurations ensure user activity on their system is limited to necessary work functions. They can also be used remotely — such as temporarily granting administrator privileges — to enable users to take actions with guidance from IT staff that IT would normally handle. Other configurations, like MFA and full disk encryption (FDE), further protect systems and data.

Compliance & Audit Information

With comprehensive system monitoring, admins can verify the above configurations are in place on each machine without sitting directly in front of it. They can also record and report this information for regulatory compliance and auditing requirements. They can, for example, demonstrate which users can access each system, when each system has last been rebooted, and identify which networks systems are using.

Admins will also need a strategy to implement each of these configurations remotely. Ideally, they can select a platform-agnostic solution that works for all machines in their fleets, rather than selecting OS-specific or piecemeal options. Interested in learning more about a comprehensive system management plan? Check out this interactive checklist to prepare devices for remote work.


Recent Posts
Analyze user LDAP authentication events from a web-based portal or automatically export the data for more analysis. Try JumpCloud Free today.

Blog

Automate Reporting Across LDAP Apps, Networks, & Servers

Analyze user LDAP authentication events from a web-based portal or automatically export the data for more analysis. Try JumpCloud Free today.

JumpCloud is updating the Admin Portal to be able to import users from G Suite without opening a new tab, keeping the workflow in app.

Blog

G Suite Import Tool Changes

JumpCloud is updating the Admin Portal to be able to import users from G Suite without opening a new tab, keeping the workflow in app.

IT admins talk about enrolling in JumpCloud MDM, pulling disk space with System Insights, and MFA. Try JumpCloud Free.

Blog

The JumpCloud Lounge Q&A Roundup: Enrolling in JumpCloud MDM, Pulling Disk Space, & Using Hardware for MFA

IT admins talk about enrolling in JumpCloud MDM, pulling disk space with System Insights, and MFA. Try JumpCloud Free.