INetU Managed Hosting

Remote Server Admin from the Beach? Yes, in 4 Easy Steps

June 3rd, 2009 by Rich H.

It’s every IT person’s dream: you’re lounging on the beach in the Bahamas, sipping piña coladas from a tall glass with the little umbrella, laptop in hand, getting all of your work done remotely. Remote administration grants you the flexibility to turn that dream into reality.

But don’t book that flight without first considering the differences between “administration” and “remote administration.”

I’m talking about security. If your workstation is on the same private network as your servers or devices, the traffic between them never leaves that network, so remote-access security is a smaller concern. If, however, you are in the Bahamas and your servers are in Pennsylvania, every login crosses networks you do not control, and that is a serious security risk. Any scenario in which your servers sit on a different network from the workstation you administer them from carries the same risks.

So whether your plans include moving to the Bahamas, or just working from home in your PJs every now and again, we should talk about the security best practices for remote administration that will get you there.

  1. Use strong passwords for ALL logins, and a different one for each login, so that one captured password does not open every system. A strong password has the following characteristics: 11 or more characters (longer is better), at least one number and one special character, and a mix of upper- and lowercase letters. Avoid words found in a dictionary, as well as the “L33T” spellings of those words (p4$$w0rd is still “password”). Do not use published example passwords. For example, yun8(HJ2zX!h would have been a strong password before it appeared in this post, but now it is not.
  2. Make sure those strong passwords are transmitted over a secure protocol. Pop quiz, which is the secure protocol: (a) logging into your corporate file server via FTP with your domain administrator account, or (b) connecting to your company’s webmail front-end via HTTPS through a web browser? If you chose (a), you just sent your admin password across the Internet in cleartext, readable by anyone on the path who cares to capture it; FTP puts the USER and PASS commands on the wire exactly as typed. The correct answer is (b). An eavesdropper can still capture HTTPS traffic, but all they get is ciphertext, and without the server’s private key they cannot recover the password from it. Two caveats: the protection only holds if you do not click through certificate warnings, and the same rule applies to every admin protocol, so use SSH or SFTP instead of Telnet or FTP.
  3. If your remote workstation has a static IP address, block administrative access (SSH, RDP, web consoles) to the servers and devices you need to administrate from all IPs other than your unique static IP address. This limits who can even attempt a login; it does not replace strong passwords, because whoever shares your connection shares your address. Keep an out-of-band way in, or you will lock yourself out the day your ISP changes your address. This of course isn’t a viable solution if you are roaming the country from network to network with a laptop.
  4. Perform administration over a VPN (Virtual Private Network). This is the gold standard if available. When you establish a VPN between your workstation and the private network your servers or devices reside on, it’s nearly as good as physically sitting on the private network from a security perspective. ALL communication between your workstation and the VPN gateway is encrypted, even plaintext passwords. Note the limit of that protection: a plaintext protocol is decrypted at the gateway and is plaintext again inside the private network, so the VPN shields you from outside eavesdroppers, not from anyone already on the inside. The VPN login itself is a remote login, so steps 1 and 2 apply to it too.

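As an added example (not part of the original post), here is a small Python script that exercises steps 1 and 2 of the list above: a checker that applies the password rules, including the L33T and published-example tests, and a credential sniffer run over a constructed FTP login capture and a constructed TLS record, to show what an eavesdropper gets in each case. The word list, the captured session and the TLS bytes are all made up for the demonstration.

```python
"""Checks for steps 1 and 2 of the remote-administration checklist.

Added example: the word list, the captured FTP session and the TLS record
below are all constructed for this demonstration.
"""
import re
import string

# ---- Step 1: strong passwords ----------------------------------------------

MIN_LENGTH = 11

# Constructed mini word list; a real checker would load a full dictionary
# such as /usr/share/dict/words plus a breached-password list.
DICTIONARY_WORDS = {"password", "secret", "admin", "welcome", "bahamas", "summer"}

# Passwords that have appeared in print, including the one quoted in this post.
PUBLISHED_EXAMPLES = {"yun8(HJ2zX!h"}

# Common "L33T" substitutions, reversed so that "p4$$w0rd" normalises to "password".
LEET_TO_PLAIN = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def _looks_like_dictionary_word(password: str) -> bool:
    """True if the password is a listed word, with or without L33T spelling
    and with or without digits/punctuation tacked on the ends ("Welcome1!")."""
    lowered = password.lower()
    candidates = {lowered, lowered.translate(LEET_TO_PLAIN)}
    candidates |= {re.sub(r"^[^a-z]+|[^a-z]+$", "", c) for c in candidates}
    return any(c in DICTIONARY_WORDS for c in candidates)


def password_problems(password: str) -> list:
    """Return the policy rules a password violates; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("not a mix of upper- and lowercase letters")
    if password in PUBLISHED_EXAMPLES:
        problems.append("published example password")
    if _looks_like_dictionary_word(password):
        problems.append("dictionary word (possibly in L33T spelling)")
    return problems


# ---- Step 2: what a cleartext protocol leaks --------------------------------

FTP_CREDENTIAL_RE = re.compile(rb"^(USER|PASS) (.+)$")


def sniff_ftp_credentials(client_stream: bytes) -> list:
    """Pull (username, password) pairs out of the client side of an FTP session.

    This is all a passive observer on any hop between the beach and the data
    centre has to do with a packet capture: FTP sends USER and PASS as-is."""
    found, user = [], None
    for line in client_stream.splitlines():
        match = FTP_CREDENTIAL_RE.match(line.strip())
        if not match:
            continue
        command, argument = match.group(1), match.group(2).decode("latin-1")
        if command == b"USER":
            user = argument
        elif command == b"PASS" and user is not None:
            found.append((user, argument))
            user = None
    return found


# Constructed client->server half of an FTP login (step 2's option (a)).
FTP_SESSION = (b"USER CORP\\Administrator\r\n"
               b"PASS yun8(HJ2zX!h\r\n"
               b"PWD\r\n"
               b"QUIT\r\n")

# Constructed TLS 1.2 application-data record (type 0x17, version 0x0303,
# length 0x20) carrying 32 bytes of opaque payload: the same login over HTTPS
# looks like this on the wire.  The payload bytes are made up, not real ciphertext.
TLS_RECORD = bytes.fromhex(
    "1703030020"
    "7c3e91a0d45bf2e8c16b0d9aa3f47e215d8c0ab73e6f1c92d40b7a5e88f3c1a6")


if __name__ == "__main__":
    for pw in ("P4$$w0rd!!", "yun8(HJ2zX!h", "Gf7#kqL2mz9!Pv"):  # last one is constructed
        print(pw, "->", password_problems(pw) or "passes")
    print("FTP capture leaks:", sniff_ftp_credentials(FTP_SESSION))
    print("HTTPS capture leaks:", sniff_ftp_credentials(TLS_RECORD))
```

Run it and the FTP capture gives up the domain administrator's username and password in one pass, while the HTTPS record yields nothing; the same sniffer logic applies to any cleartext protocol (Telnet, HTTP basic auth, POP3), which is why step 2 matters more than any single tool.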
If you follow as many of these best practices as possible when performing remote administration, you will greatly reduce the risk of a security compromise, and greatly increase your chances of working safely from the shores of Tripoli.


©1996-2010 INetU Inc, All rights reserved.