Containment: Danger to Information Systems

For a week now, many of us have been housebound. Telework is the weapon that many companies have drawn to keep their business going, and many people do not understand why some companies that used to do little or no telework are now able to operate in full telework. Similarly, some do not understand that even in the IT field, there are still people who have to work on-site. A brief overview...

Telework, the panacea to all problems?

Telework is an arrangement that allows people to work remotely while having access to the same data and programs. The goal is of course to be able to work in the same way as at one's workplace. Several mechanisms exist for this.

VPN and remote connection

The teleworking classic: the VPN. A VPN enables remote connection to the company network by establishing an encrypted connection from the user's workstation to the company datacenter.

There are two main types of VPN implementation, "full" and "split tunneling". In the first case, all the traffic passes through the VPN, which makes it possible, for example, to apply the same network filtering rules remotely as on site. In the second case, only part of the traffic passes through the VPN, often everything destined for the internal network; the benefit is a reduction in the bandwidth required for the VPN.

At first glance, the VPN therefore seems perfect for telecommuting. However, for many companies, the VPN was not designed to have all employees connected to it simultaneously, which produces bottlenecks or, worse, can simply bring down the underlying infrastructure, which is not necessarily designed to carry a huge throughput outside its own network.
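To make the trade-off between the two modes concrete, here is an added example (not from the original article) that applies longest-prefix routing to a few flows and reports how much traffic crosses the VPN and which destinations are reached without passing the company's filtering. The internal prefixes, interface names, flow sizes and user count are constructed assumptions.

```python
import ipaddress

# Assumed internal prefixes and constructed sample flows (destination, MB per day).
INTERNAL = ["10.0.0.0/8", "192.168.50.0/24"]
FLOWS = [
    ("10.20.1.15", 120),     # internal file server
    ("192.168.50.10", 30),   # internal HR application
    ("203.0.113.80", 900),   # video conferencing (documentation range)
    ("198.51.100.7", 450),   # general web browsing (documentation range)
]

def build_routes(mode):
    """Client route table as (network, interface) pairs for a tunnel mode."""
    if mode == "full":
        # Everything, Internet included, is sent to the company datacenter.
        return [(ipaddress.ip_network("0.0.0.0/0"), "vpn")]
    if mode == "split":
        # Default route stays on the home link; only internal prefixes use the VPN.
        routes = [(ipaddress.ip_network("0.0.0.0/0"), "wan")]
        return routes + [(ipaddress.ip_network(p), "vpn") for p in INTERNAL]
    raise ValueError(f"unknown mode: {mode}")

def egress(routes, dst):
    """Pick the interface by longest-prefix match, as a routing table does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def summarize(mode, users=1, flows=FLOWS):
    """VPN load for `users` identical clients, plus destinations that skip filtering."""
    routes = build_routes(mode)
    vpn_mb, unfiltered = 0, []
    for dst, mb in flows:
        if egress(routes, dst) == "vpn":
            vpn_mb += mb
        else:
            unfiltered.append(dst)
    return {"vpn_mb": vpn_mb * users, "unfiltered": unfiltered}

if __name__ == "__main__":
    for mode in ("full", "split"):
        print(mode, summarize(mode, users=2000))
```

With these constructed flows, the full tunnel carries ten times the volume of the split tunnel, while the split tunnel leaves the two Internet destinations outside the company's filtering.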

The case of "untrusted" devices

Within a company, in order to keep operation as identical as possible from one user to another and to secure the infrastructure as much as possible, the principle of "trusted" devices is often used.

The idea is, for example, that the computer provided by the company is reliable and that only this computer has the right to use the VPN link. This ensures, for example, that all computers on the VPN use an antivirus program or encrypt their local data.
With the current containment, many companies have had to compromise and allow external computers to connect. Why?

Simply because having a whole fleet of laptops is more expensive than giving laptops to those who normally use them remotely. Furthermore, with teleworking on the rise in recent years, many simply have PCs that are ready for teleworking, but did not plan for it on this scale.

As a result, some companies are currently forced to accept connections from personal computers.

Inconsistent monitoring

Once again, in a company, telework is normally carried out by only a portion of the employees. Currently, with full telework, much of the monitoring has, in effect, become inconsistent. Indeed, how do you detect data siphoning, an abnormal external traffic volume, or a high number of connections when the thresholds were not designed for the current mode of operation?
You will tell me that, in this case, we simply do not take them into account, since we know that this is normal... and you will thereby make happy the hackers who have not taken a holiday for the coronavirus, but I will come back to this point later.
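One way to approach the threshold problem raised above, as an added example that is not part of the original article: a fixed volume threshold written for the pre-lockdown period is compared with a per-user baseline (median and median absolute deviation) recomputed on recent days. The threshold value, user names and daily volumes are constructed assumptions, and the median/MAD score is a technique chosen for this illustration.

```python
from statistics import median

STATIC_THRESHOLD_MB = 500  # assumed rule written when few people teleworked

# Constructed data: outbound MB per day over the VPN; the last value is today.
HISTORY = {
    "alice": [820, 790, 860, 805, 840, 830],
    "bob":   [610, 650, 590, 640, 620, 4800],        # far above his own norm
    "carol": [1500, 1450, 1550, 1480, 1520, 1510],   # heavy but consistent
}

def static_alerts(history, threshold=STATIC_THRESHOLD_MB):
    """Old rule: alert on anyone whose volume today exceeds a fixed value."""
    return sorted(u for u, days in history.items() if days[-1] > threshold)

def robust_score(baseline, value):
    """Modified z-score of `value` against the median/MAD of `baseline`."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    mad = max(mad, 0.01 * med, 1.0)  # floor so a flat baseline cannot divide by zero
    return 0.6745 * (value - med) / mad

def baseline_alerts(history, cutoff=3.5):
    """New rule: alert only when today is an outlier for that user's own recent days."""
    alerts = []
    for user, days in history.items():
        baseline, today = days[:-1], days[-1]
        if robust_score(baseline, today) > cutoff:
            alerts.append(user)
    return sorted(alerts)

if __name__ == "__main__":
    print("static  :", static_alerts(HISTORY))
    print("baseline:", baseline_alerts(HISTORY))
```

On this data the fixed threshold fires for every user, which is what pushes teams to ignore it, while the recomputed baseline isolates the single abnormal volume.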

Opening up internal resources to the outside world

With telecommuting, many have also been forced to open up resources to the outside world, or through the VPN, that were not exposed before, for example because of security concerns.

Concrete examples are certain critical banking systems or HR-related information, which are sensitive and usually restricted.

Teleworking is not possible for all IT activities

I mentioned this just before, but in some companies, sensitive data sometimes requires more than just filtering. So in some cases, very sensitive data may simply be on another network without any possible connection to the VPN. This is often the case in banks, where the most sensitive data is not on the same network, and accessing it sometimes even requires going directly to the machines in question.

Also, while many of us enjoy telecommuting, it still requires staff to take care of the hardware that is being used, because servers and network equipment are under strain at the moment, and therefore require special attention and greater responsiveness. Computing is not just about people typing on a keyboard!

The hackers are out!

One constant remains during the coronavirus: the hackers. A few days after the announcement of the outbreak in Italy, the first scam emails were already circulating. I myself had shared a link about it:

Similarly, I've heard several reports of the classic prepaid card scam. You receive an email from a contact indicating that he has a serious problem and that he needs you to send him money urgently via prepaid cards. Why prepaid cards? Simply because they are extremely complicated to trace.

There have also been cases of dashboards for following the evolution of the coronavirus that are in fact nothing but nests of viruses and JavaScript cryptominers.

Do not panic over all this, but during this crisis, be careful, and never forget that some will stop at nothing to take your money or your personal data.

In conclusion

In conclusion, I would say that the coming weeks will put a strain on the staff who also have to manage all the infrastructures and their security. Of course, we are not necessarily as exposed as doctors or cashiers, but we also have a heavy responsibility and must be doubly vigilant.

Above all, take care of yourself and your loved ones, and to protect yourself and your family and friends, don't leave your home unless you have to!