Do you remote?

I had a day off (sick day) yesterday, thanks to my highly contagious acute viral nasopharyngitis (more simply known as “a common cold”) – which is comprised of headaches, a blocked nose, joint pain and an annoying cough. But the beauty of this office means that I can still get work done, without infecting my colleagues with aforementioned common cold.

I can access email remotely, dial into the phone system and take calls remotely, chat to other staff via MSN Messenger, and so forth. While this does provide a bit of a distraction on weekends and after hours, it has numerous benefits – like the one I mentioned above, which is where I can still get work done and meet artwork deadlines and so forth, but without making others sick.

Having remote access has a lot of benefits, but there are also some issues to address if one is not familiar with the setup of these sorts of networks. I use free VPN software to create, in essence, what is called a secure “tunnel” between my work and home computers… it’s like running a very long blue network cable from the city out to the suburbs, and connecting a remote computer to the switch or hub at work.

In fact, it’s doing exactly that, but using secure system that’s a little slower (since the internet connection at each end is the bottleneck – running at a mere 24Mbps instead of the usual 100 or 1000Mbps speed of a common local area network, or LAN). There are a nyou have the permission of your boss and / or IT manager, to ensure you don’t create any security holes.umber of free and cheap applications out there on the internet that will allow you to setup VPN (Virtual Private Network) tunnels between locations, but before setting these up at your workplace, make sure

So things to think about include…

• Think about whether you really need remote access. Can someone else do your job or access the things you usually access if / when you’re away?
• Close any services that you don’t need. For example, the popular VNC remote-access program, by default, opens two ports – one of which serves up a web-based remote access client using Java, which (in my experience) is hardly ever used, if at all. If you don’t use a particular remote-access feature, why leave it open and turned ‘on’ for hackers to potentially take down, or make use of a security flaw in?
• Use encryption where possible. Many programs, including the VNC have encrypted versions which encrypt the information sent across the internet.
• Use a secure VPN to create a local-like network between two remote points.
• Try and use the latest version of whatever software you use. Older versions of software often contain security vulnerabilities. Newer versions will most likely contain less, or no, security holes. Regularly check creator’s websites for the latest versions, or use a program’s built-in “auto-update” feature, if available.
• Use existing remote access technologies (if already setup), where possible. For example, use Windows Remote Desktop and Outlook Web Access if they have already been setup in your organisation. These tools / programs are industry standard, and security updates are often widely publicised and sometimes, automatically installed on the servers that run these services (depending on how your IT technician has setup the system).
• If you have to install other remote-access software, use non-standard ports (e.g. don’t use the default port that comes with a particular program; change it to something unusual or different if you can).
• If you run Windows, edit the Windows Firewall rule-scope to only permit access to a particular program or port from a specific remote IP address, or range of addresses. This ensures that Windows will only allow access to remote computers that meet specific criteria, or have certain IP addresses.
• As per above with your firewall, ensure your router is as secure as possible, and use it’s built-in IP forwarding and MAC-address filtering tools to lock-down this part of your network.
• Change all of your passwords regularly. Use different passwords for each service or program. Use complex passwords containing numbers, letters, symbols and MiXeD cAsE.

Good luck, and happy tunnelling!