Original Release Date: 4/24/2020
Due to COVID-19, many employers have instructed their staff to work remotely. A large portion of these employees will require remote access to their company’s internal network to complete their duties and responsibilities through the use of remote access services such as Remote Desktop Protocol (RDP). Remote access needs to be provided in a way that only permits access to authorized users and systems. Leaving RDP port 3389 open to the internet, for example, could provide cyber-criminals with access to a company’s network. This access can be used to deliver malware or steal data; RDP is often the attack vector used in ransomware incidents. A search on a publicly-available website revealed that there are nearly 30,000 RDP ports open to the internet in New Jersey alone (above image). Due to the rapid rate at which COVID-19 began impacting citizens in the US, many companies were forced to provide employees with the ability to telework very quickly, likely leaving little time to account for all of the security issues that accompany this change. With the substantial rise in remote access use, threat actors may be better able to hide their activity within legitimate traffic. If a company’s IT/information security team cannot account for every user and system accessing its network at any given time, an unauthorized user or malicious activity could go undetected.
The NJCCIC advises companies and organizations to adjust network settings to prevent ports that provide remote access services – such as ports 3389, 22, and 23 – from being exposed to the internet; implement a Network Access Control (NAC) solution to ensure only authorized devices are permitted to connect to internal networks; disable remote access ports on systems and servers that do not require these services; and require the use of a virtual private network (VPN) with multi-factor authentication enabled for all users. Additionally, follow the Principle of Least Privilege and enable User Access Controls (UACs) to prevent changes to user privileges; keep all hardware and software, including anti-virus/anti-malware programs, updated; and implement a comprehensive data backup plan that includes keeping multiple copies off the network in a separate and secure location, with backups tested regularly. For more information, please see the NJCCIC This is Security post Tips for Teleworkers, Remote Access Security.