Following government guidance, more and more businesses are now investigating and suggesting the use of remote working to help protect employees from infection. In some cases this may even mean closing offices entirely.
To help balance the welfare of your workers with the security demands of your network, Fidus has prepared multiple solutions. Each will allow us to establish a secure communications channel through which to test internal infrastructure and applications without having to visit your offices. Our solutions allow us to actively engage with your internal infrastructure and conduct assessments as if we were sitting at a desk as normal, without the added risks that currently come with this.
Option 1 – Fidus’ Boomerang Service
If your business does not already have a suitable VPN connection option, Fidus can quickly deploy an alternative: our Boomerang service.
By installing a physical appliance or virtual server inside your network your dedicated engineer can create a secure site-to-site connection that links directly back to a customer-specific server in our secure Coventry data centre.
Traffic between the two endpoints is fully encrypted and isolated to prevent data contamination. All Boomerang configurations utilise their own, segregated, hosted infrastructure and all data is confined to the encrypted connection. This allows us to continue performing penetration tests as if we were sat at a desk in your office. To prevent unauthorised use, connections can only be launched by your Fidus consultant using secure token-based Two Factor Authentication (2FA) to complete logon.
Our Boomerang service has been actively deployed countless times over the past 12 months and is a common alternative for internal engagements to help save costs on travel, accommodation and food. Our offering was originally developed purely as a cost-saving measure for end-clients but has now become a go to option for helping our clients meet their security requirements in unusual circumstances: such as mandated work-from-home policies.
There are two ways to deploy Boomerang in your network – Posting a physical device or providing a unique download containing a virtual image:
Option 2 – Customer VPN
Another option is to make use of any existing VPN connectivity you have set up. In most cases this will be the same technology and configuration as your employees working from home will use.
This configuration provides the exact same functionality as a workstation physically connected to the internal network. Using a VPN session we are then able to continue testing hosts and applications as we would from inside your offices.
If required, we will arrange to carry out additional secure routing or to install a jump box that allows us to test other network segments.
Maintaining security during an unprecedented health crisis
These remote access solutions are our first-stage response to dealing with COVID-19 from a corporate perspective. Both have been suggested to help Fidus customers maintain business-as-usual operations and security without compromising the safety of your employees.
Whether we use your VPN or our Boomerang appliance, the final solution will be tailored to the specific needs of your business and pen test project. Where your requirements fall outside these remote models, limited site visits will continue as normal.
Throughout this current health emergency and beyond, Fidus is committed to:
Performing security testing remotely remains critical, even when normal office-bound operations are on hold. The ongoing global pandemic may cause significant operational disruption, but Fidus is here to help your business protect its information assets throughout.
To learn more about our remote access solutions please get in touch.