DeepSec2021 Press Release: Company Desktops as a Gateway for Digital Attacks
Home office relocates the digital company door across countries and cities into the living space.
Teleworking has been around for over 50 years. The virtual way of working has gained a lot in importance since last year. The pandemic has increased physical distance, and technology for the home workplace has made a real breakthrough. Unfortunately, the same cannot be said for information security. Many installations lack basic security, especially when personal devices are used without a company-managed configuration. The DeepSec conference and Certitude Consulting warn against the use of systems without adequate protection.
Bring your own demise with private hardware
The COVID-19 pandemic has created great pressure to give employees access to their work environment from home. The implementation requires careful planning and the use of secure end devices and protocols for network transmission. Popular solutions are the Remote Desktop Protocol (RDP) or Citrix environments, which bring the desktop from the office desk to any other computer. The critical point is the isolation between the home office environment and the company environment. Data exchange, print services, clipboard contents and removable media must be configured appropriately. How secure, then, must the environment from which access is made be? The company Certitude Consulting has demonstrated that a malware infection can overcome the barriers between local devices and company workstations. Simulated mouse and keyboard actions can extend into the virtual environment, which makes it possible to compromise the company network via contaminated home office devices.
Training: Attacks on the desktop
Modern desktop applications use components that were previously only used in web applications. The modular design makes the software easier to attack, because a weak point in one component can then be used against a whole range of programs. As part of this year’s DeepSec conference, a training will be held that is specially tailored to attacks against modern desktops. The aim of the training is to convey the dangers these applications are exposed to, so that countermeasures can be implemented better. Attacks against Microsoft Teams, Skype, Bitwarden, Slack and Discord are among the examples that trainers Abraham Aranguren and Anirudh Anand will demonstrate. When booking, participants of the course receive unlimited support by e-mail and access to a portal with exercises to train their own skills.
In general, desktops are the linchpin for gaining access to sensitive information. Typically, several applications are in use that interact with different systems. People with special privileges are therefore particularly worthwhile targets. Companies have been attacked through such channels in the past. Administrative access therefore requires special care when it is secured.
Countermeasures
The principles of information security are always the same: partition off areas, restrict access, inspect interactions and perform all tasks with minimal privileges. For the home office environment, this specifically means the timely installation of updates, careful selection of installation sources for applications, strong authentication, no automatic linking of file types to actions, and great caution when handling external data such as documents or websites. This advice has been given again and again when it comes to the safe handling of networked workplaces. It should not be forgotten that these principles always apply whenever access to internal resources is granted.
At the first DeepSec conference in 2007, a presentation was given on the subject of the perimeter network of one's own organization. Even then, a few companies did without the distinction between internal and external networks. The advantage of this approach is that every data transfer must be secured starting at the endpoint itself. This means the consistent implementation of encryption, secure protocols and authentication for all accesses and applications. It eliminates the need to consider exceptions and to rely on assumptions (such as a trustworthy internal network), which makes protection much easier. In addition, changes such as setting up home office environments are no longer explicitly necessary: the client can be used safely anywhere.
Sustainable information security
The changes for home office operations will not go away after the COVID-19 pandemic. There are many reasons to support this way of working. It is important that the access is properly secured. This not only requires a thorough review of the clients; it is also important to question your own infrastructure in terms of security. Secure network connections are never a temporary solution. Exactly the same must apply to the workplace environment, whether in the office or outside – and at all times.
Programs and booking
The DeepSec 2021 conference days are on November 18 and 19. The DeepSec trainings will take place on the two preceding days, November 16 and 17. All trainings (with a few exceptions) and lectures are intended as face-to-face events, but due to possible future COVID-19 measures they can take place partially or completely virtually. There will be a stream of lectures for registered participants.
The DeepINTEL Security Intelligence Conference will take place on November 17th. Since this is a closed event, we ask for direct inquiries about the program. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
You can order tickets for the DeepSec conference and the trainings online at any time under the link https://deepsec.net/register.html. Sponsor discount codes are available. If you are interested, please contact deepsec@deepsec.net. Please note that we depend on timely ticket orders for reliable planning.