Given the inherent vulnerabilities of allowing trusted outsiders access to the network, these surfaces will require unique attention from SOCs.
Threat #4 – Public Internet Exposure. A device that is both connected to the Internet and enables third-party remote access is a prized target for an external attacker. Using social engineering and other deceptive methods, attackers can gain initial access to your shared workstation and use that foothold to work their way through the network.
Using secure remote connection protocols and applying extra layers of monitoring to these workstations will reduce the possibility of external, unauthorized access, and could provide valuable intel if an outsider is trying to build a stronghold inside your perimeter.
Threat #5 – Proximity to Privileges. Privileged accounts provide both rogue insiders and malicious outsiders the access level they need to approach sensitive resources securely and/or modify their own access level. That’s exactly why privileged accounts should be kept hidden and away from shared access workstations like the ones provided to trusted outsiders.
Although this is not always possible, because most outsider access is given to parties whose service or skill requires some kind of elevated privilege, we advise forming goal-specific access groups for these devices so that both domain-controller regulations and other agents can assist in identifying anomalies in real time.
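The monitoring suggested under Threats #4 and #5 can be expressed as a simple logon review, shown here as an added example that is not from the original article. It assumes one goal-specific access group per shared workstation and a single remote-access gateway network; every host, group, account and address is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All names and addresses below are constructed for illustration.
# One goal-specific access group per shared outsider workstation.
WORKSTATION_GROUP = {"VENDOR-WS01": "grp-hvac-maintenance",
                     "VENDOR-WS02": "grp-erp-consultants"}
GROUP_MEMBERS = {"grp-hvac-maintenance": {"ext.alice"},
                 "grp-erp-consultants": {"ext.bob", "ext.carol"}}
PRIVILEGED_ACCOUNTS = {"da.admin", "svc.backup"}
# Assumption: outsiders reach these hosts only through a remote-access gateway.
GATEWAY_NET = ipaddress.ip_network("10.20.0.0/24")

@dataclass(frozen=True)
class Logon:
    host: str
    account: str
    source_ip: str

def review_logon(ev):
    """Return the findings for one logon event (empty list = nothing to flag)."""
    group = WORKSTATION_GROUP.get(ev.host.upper())
    if group is None:
        return []  # not a shared outsider workstation, out of scope here
    findings = []
    account = ev.account.lower()
    if account in PRIVILEGED_ACCOUNTS:
        findings.append("privileged-account-on-shared-workstation")
    elif account not in GROUP_MEMBERS[group]:
        findings.append("account-outside-access-group")
    if ipaddress.ip_address(ev.source_ip) not in GATEWAY_NET:
        findings.append("source-outside-remote-access-gateway")
    return findings

def triage(events):
    """Keep only the events that produced at least one finding."""
    return [(ev, f) for ev in events if (f := review_logon(ev))]

SAMPLE_EVENTS = [  # constructed sample logons
    Logon("VENDOR-WS01", "ext.alice", "10.20.0.15"),
    Logon("VENDOR-WS01", "ext.bob", "10.20.0.16"),
    Logon("VENDOR-WS02", "DA.Admin", "10.20.0.17"),
    Logon("VENDOR-WS02", "ext.carol", "203.0.113.7"),
    Logon("HR-PC07", "j.smith", "10.1.4.9"),
]

if __name__ == "__main__":
    for ev, findings in triage(SAMPLE_EVENTS):
        print(ev.host, ev.account, ev.source_ip, "->", ", ".join(findings))
```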