Michele Peroli, Security Consultant - BSI
In an ever-changing global landscape, where day-to-day life and business can be disrupted by unforeseen events, resilient organizations must react and adapt to such dynamics as never before. One emerging trend among organizations is the move to remote working, the introduction of travel restrictions and, in some cases, limits on access to company premises for both staff and visitors. For organizations where remote access is not already possible (e.g., through an established solution such as a VPN), this can have a significant impact on required or planned on-site security testing, potentially resulting in an organization's security program falling behind schedule or critical vulnerabilities not being identified and mitigated in a timely manner.
To respond to these challenges and to ensure that organizations are always able to deliver their security programs, BSI has established a “Remote Internal Testing Solution” that allows internal testing to be carried out without a consultant being present on site. This blog post explores the BSI “Remote Internal Testing Solution”, explaining its use, its security features and how it can be deployed on your network.
What is the BSI Remote Internal Testing Solution?
The BSI Remote Internal Testing Solution is essentially a client-server solution: the client is a host connected to your internal network, and BSI reaches that host through a server it controls. Access to the client allows security consultants to perform all the tasks they would normally perform during an on-site visit, but from a remote location.
How does it work?
The short answer is that a secure tunnel is created from the client to a dedicated server; BSI consultants then gain access to the client over that tunnel.
The long answer is that the client opens an outbound secure tunnel to a dedicated server instance (a separate server is deployed for each organization, adding a further level of separation and protection). The BSI security consultants allocated to the assessment connect to the server using their personal key pairs for authentication, and through it reach the client, which sits on the organization's internal network. Because the client initiates the connection, the organization does not need to expose any inbound service from the internet. Once the assessment is complete, both the server and the client are decommissioned, preventing any further access to the internal infrastructure.
Is it secure?
Yes. The tunnel from the client to the server is an SSH tunnel, authenticated with a key pair specific to that organization's client. Once the tunnel is established, BSI consultants connect through the server into the client on the organization's network. The server instances are unique per organization and are not connected to each other, providing effective segregation between organizations and their networks.
The dedicated server per organization and the attended setup of the BSI “Remote Internal Testing Solution” ensure that:
- Traffic is encrypted in transit, so anything captured on the path between client and server cannot be read or altered.
- Access to the internal network is restricted to a defined timeslot (i.e., the assessment duration) and limited to the personnel carrying out the assessment, each of whom has a separate account and key pair.
- Key pairs are used throughout: consultants authenticate to the server with their personal keys, the client authenticates to the server with its own key, and the client verifies the server's host key, so both people and machines are authenticated to each other. This mutual authentication is what prevents man-in-the-middle attacks; in practice it depends on the client checking the server's host key against a known, pinned value rather than accepting whatever key is offered on first connection.
How can I deploy it on my network?
The general workflow for deploying the solution is as follows:
- Choose one of the supported options for installing the required Linux operating system:
- Virtual machine
- AWS
- Azure
- Bare metal – i.e., server, workstation or laptop
- Docker
- Install the operating system
- Run a provided setup script
- Notify BSI ahead of the start of the assessment
- BSI consultants will perform the assessment
- Client and server components are decommissioned
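To make the tunnel, the key handling and the decommissioning step concrete, here is an added example of a reverse SSH tunnel of the kind described under "How does it work?" and "Is it secure?", arranged in the order of the deployment workflow above. It is illustration written for this post, not BSI's setup script, and every hostname (relay.example.net), user name (tunnel, tester, consultant1, consultant2), port (2222) and path (/etc/rits/...) is an assumption.

```shell
#!/bin/sh
# Added example: a reverse SSH tunnel for a remote internal testing client.
# Not BSI's setup script; all hostnames, users, ports and paths are assumptions.
set -eu

SERVER_HOST="relay.example.net"     # assumed dedicated per-organization server
TUNNEL_USER="tunnel"                # server account the client box's key may use
REVERSE_PORT=2222                   # loopback port on the server mapped to the client's sshd
CLIENT_KEY="/etc/rits/client_key"   # assumed private key on the client box
KNOWN_HOSTS="/etc/rits/known_hosts" # pinned host key of the server, delivered out of band

# authorized_keys entry on the server for the client box's public key.
# "restrict" removes shell, pty, agent and X11 use; "port-forwarding" plus
# "permitlisten" re-allows exactly one reverse listener on the server's loopback.
server_authorized_keys_line() {
  printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$REVERSE_PORT" "$1"
}

# Minimal sshd_config for the dedicated server: keys only, no root login, and
# GatewayPorts no so the reverse port is reachable only by accounts on the
# server itself, never from the internet. The AllowUsers names are assumptions.
write_server_sshd_config() {
  cat > "$1" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
GatewayPorts no
AllowTcpForwarding yes
AllowAgentForwarding no
X11Forwarding no
ClientAliveInterval 30
ClientAliveCountMax 3
AllowUsers tunnel consultant1 consultant2
EOF
}

# Flag settings that would weaken the server; returns the number of hits,
# so a clean file returns 0 (success) and a weak one returns non-zero.
audit_sshd_config() {
  bad=0
  for setting in "PasswordAuthentication yes" "PermitEmptyPasswords yes" \
                 "PermitRootLogin yes" "GatewayPorts yes" "PubkeyAuthentication no"; do
    if grep -Eiq "^[[:space:]]*${setting}[[:space:]]*$" "$1"; then
      echo "weak setting: $setting" >&2
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Command the client box runs (normally under a supervisor such as systemd or
# autossh) to bring the tunnel up. -N: no remote command. -R: publish the box's
# own sshd on the server's loopback. ExitOnForwardFailure: fail instead of
# running with a silently missing forward. StrictHostKeyChecking=yes with a
# pinned known_hosts file is what makes the machine-to-machine authentication
# real; without it the first connection would trust any host key offered.
client_tunnel_cmd() {
  printf 'ssh -N -i %s -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:127.0.0.1:22 %s@%s\n' \
    "$CLIENT_KEY" "$KNOWN_HOSTS" "$REVERSE_PORT" "$TUNNEL_USER" "$SERVER_HOST"
}

# What a consultant types from their own machine: jump through the server with
# their personal key, then log in to the client box via the reverse listener.
# "tester" is the assumed assessment account on the client box.
consultant_cmd() {
  printf 'ssh -J %s@%s -p %s tester@127.0.0.1\n' "$1" "$SERVER_HOST" "$REVERSE_PORT"
}

# Decommissioning: drop the client box's key from the server so the tunnel can
# never be re-established, before the server instance itself is destroyed.
revoke_client_key() {
  authorized="$1"; pubkey="$2"
  grep -vF -- "$pubkey" "$authorized" > "$authorized.tmp" || :
  mv "$authorized.tmp" "$authorized"
}

client_tunnel_cmd
consultant_cmd consultant1
```

The two things worth checking on any deployment of this shape are the ones the audit function looks for: the reverse listener must stay on the server's loopback (GatewayPorts no), otherwise the customer's internal sshd is published to the internet, and the client box's key must be restricted to that single forward so that a compromise of the server cannot turn it into a shell on the internal network.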
Conclusions
Performing internal assessments remotely (via VPN or with the BSI Remote Internal Testing Solution) offers a variety of advantages, such as:
- Assessments can continue despite the increasing travel bans being enforced globally
- Easy deployment and use enable BSI security consultants to perform internal assessments worldwide in any condition or location (especially remote locations where travelling on site is not a viable option)
- On-demand access also permits a faster response in cases where internal access is needed urgently (e.g., incident response)
- Delays caused by travel disruption or special travel requirements (such as visas or other permits) are limited
- Travel expenses associated with having consultants present on site are reduced
As we have seen in this blog post, having the option of performing internal assessments remotely gives organizations the flexibility to respond to unforeseen events and continue to gain the assurance sought from planning and performing regular assessments.