Security continuity with remote access technology

Following government guidance, more and more businesses are now investigating and suggesting the use of remote working to help protect employees from infection. In some cases this may even mean closing offices entirely.

To help balance the welfare of your workers with the security demands of your network, Fidus has prepared multiple solutions. Each will allow us to establish a secure communications channel through which to test internal infrastructure and applications without having to visit your offices. Our solutions allow us to actively engage with your internal infrastructure and conduct assessments as if we were sitting at a desk as normal, without the added risks that currently come with this.

Option 1 – Fidus’ Boomerang Service

If your business does not already have a suitable VPN connection option, Fidus can quickly deploy an alternative: our Boomerang service.

By installing a physical appliance or virtual server inside your network your dedicated engineer can create a secure site-to-site connection that links directly back to a customer-specific server in our secure Coventry data centre.

Traffic between the two endpoints is fully encrypted and isolated to prevent data contamination. All Boomerang configurations utilise their own, segregated, hosted infrastructure and all data is confined to the encrypted connection. This allows us to continue performing penetration tests as if we were sat at a desk in your office.  To prevent unauthorised use, connections can only be launched by your Fidus consultant using secure token-based Two Factor Authentication (2FA) to complete logon.

Our Boomerang service has been actively deployed countless times over the past 12 months and is a common alternative for internal engagements to help save costs on travel, accommodation and food. Our offering was originally developed purely as a cost-saving measure for end-clients but has now become a go to option for helping our clients meet their security requirements in unusual circumstances: such as mandated work-from-home policies.

There are two ways to deploy Boomerang in your network – Posting a physical device or providing a unique download containing a virtual image:

• The implementation process of Boomerang is as simple as can be. All devices or virtual machines are pre-configured and are designed to be plug and play. The only requirement is the device or virtual machine be placed in the correct segment of the network for the required visibility of assets and have the ability to reach a publicly accessible IP address owned by Fidus. In the scenario of an empty office, a Fidus consultant can install the device on your behalf with remote guidance from yourselves.
• Once installed, you retain full visibility and control of the Boomerang device whilst it is connected to Fidus’ secure data center in the UK.
• All data is trasmitted over secure, encrypted, channels and is stored in-line with Fidus’ ISO 27001 accredited policies.
• At all times, you retain the ability to disconnect Fidus’ Boomerang device and sever connectivity between Fidus’ offices and your own.

Option 2 – Customer VPN

Another option is to make use of any existing VPN connectivity you have set up. In most cases this will be the same technology and configuration as your employees working from home will use.

This configuration provides the exact same functionality as a workstation physically connected to the internal network. Using a VPN session we are then able to continue testing hosts and applications as we would from inside your offices.

If required, we will arrange to carry out additional secure routing or to install a jump box that allows us to test other network segments.

Maintaining security during an unprecedented health crisis

These remote access solutions are our first-stage response to dealing with COVID-19 from a corporate perspective. Both have been suggested to help Fidus customers maintain business-as-usual operations and security without compromising the safety of your employees.

Whether we use your VPN or our Boomerang appliance, the final solution will be tailored to the specific needs of your business and pen test project. Where your requirements fall outside these remote models, limited site visits will continue as normal.

Throughout this current health emergency and beyond, Fidus is committed to:

• Delivering our usual expert level of penetration testing, no matter what.
• Limiting all but essential travel to protect customers and our consultants.
• Preventing delays to penetration testing.
• To eliminate additional travel expenses for customers.

Performing security testing remotely remains critical, even when normal office-bound operations are on hold. The ongoing global pandemic may cause significant operational disruption, but Fidus is here to help your business protect its information assets throughout.

To learn more about our remote access solutions please get in touch.