By submitting this form, you agree to receive RealVNC education content, special offers, exciting news and product updates. You can withdraw your consent at any time. We respect your data, see our Privacy policy.

What can Hollywood teach us about remote access security?

RealVNC® Ltd | 23 Aug 2018

star warsBusinesses today face major digital security risks that range from external hackers to internal theft and data breaches. To counter these threats we are spending billions of dollars every year deploying technology to mitigate risk.

Gartner estimates that we spent $85 billion in 2017 on IT security products and many experts expect double-digit market growth through 2025.

Because remote access is all about connecting to and controlling remote devices, security is an absolutely critical consideration. Without a highly secure remote access product and well-disciplined procedures, your remote access software could expose you to even more risks.

So what does the cybersecurity market have to do with Hollywood? On the surface, not a lot. After all, global box office sales were a mere $40 billion in 2017 and the industry is declining as other entertainment sources encroach on their traditional customers. But, it’s not the entertainment industry itself we can learn from, but the content it creates.

Movies entertain us through engaging stories, but more importantly, they show us new ways of looking at the world and teach us lessons. In this blog we make a light-hearted attempt to show how movies provide direct, and perhaps not so direct, insights into the challenges we face in managing digital security as it relates to remote access. Lights, camera, action…


Terminator 2 – The evolving threat

That fact that security risks are a “moving target” makes reacting to threats incredibly challenging. On top of this, your IT ecosystem is constantly changing, so attack vectors are relentlessly transforming.

Security threats are like the T-1000 android in the classic Sci-fi action thriller Terminator 2 – Judgement Day. No matter how hard you try to destroy a threat, it morphs into a new and increasing sinister menace. Instead of fighting a losing battle with the T-1000, think outside the box and attack the threat at the source. Successful security is all about establishing a broader strategy because you will never be successful if you are constantly reacting to morphing threats.

Shrek – The strategy

To quote Shrek, “Onions have layers. Ogres have layers.” A security strategy should be like an onion too, it should have layers. There is no one bit of technology that will resolve your security challenges. Instead, it requires a strategy made up of layers, with each layer protecting against a specific threat or defining a best practice.

Credible and effective protection is created only by the combination of all the layers. Just like an Ogre, a successful security strategy is an onion.


Star Wars “A New Hope” – Encryption

Think back to the seminal scene from “A New Hope” when Luke Skywalker is cleaning up his newly acquired R2-D2 droid. While removing some grit, Luke uncovers a holographic message from Princess Leia calling for help from Obi-Wan Kenobi.

Given the importance of this message, Luke’s ability to view this message demonstrates a grievous lack of data encryption. If the message had been encrypted in transport (i.e. inside R2-D2), Luke would not have been able to view the actual transmission after he stumbled across it.

The analogy demonstrates the importance of end-to-end encryption for remote access sessions. Protecting your real-time remote access sessions demands a high standard of data encryption (128-bit or 256-bit AES) to ensure session content is not compromised in transit by forces of evil.

Princess Leia should have given more thought to encrypting her message and verifying Luke’s identity before allowing access would have also been a good idea (more about authentication below). However, we have to concede that we wouldn’t have a story if it wasn’t for this amateur breach in Rebel Alliance security best practice. A missing layer of the security onion, but we will forgive George Lucas for the sake of the franchise.


Avatar – Multi-factor authentication

In Avatar the greedy corporate bosses are determined to exploit the natural resources of the peaceful Na’vi community. The evil Parker Selfridge’s route into the Na’vi society is through a breach in authentication. By hijacking avatars originally established to help the Na’vi population, they are able to hatch their despicable plans.

The unsuspecting Na’vi have no way of verifying the actual identity and intent of interlopers, leaving their society open to the spreading virus. This dark story highlights the importance of knowing exactly who you’re dealing with when establishing connections in your remote access sessions.

If the Na’vi would have had some form of multi-factor authentication in place when engaging with new member of the tribe , they would have been able to detect the arrival of the human impostors earlier is the storyline. This would have saved them a lot of time and grief. Authentication is another important layer of the onion.

The Matrix - Firewalls and connectivity

Think of your company as the Matrix. All it takes to compromise your business is for someone to infiltrate your matrix. A computer hacker like Neo just needs to find an easy way in through your firewall. It doesn’t matter how good your anti-virus and procedures are (aka Mr. Smith), once Neo, Trinity and Morpheus are in, they will do damage.

Thankfully, there isn’t a red pill that allows hackers to come and go through your firewall, but they will exploit vulnerabilities if you give them a chance, the same way Neo managed to make its way in and out of the Matrix by using the phones and hard lines scattered around the company.

These hard lines are like holes in your firewalls: they need to be defended, in your case by using direct TCP to avoid leaving a gap. This is why when choosing your remote access connectivity strategy, it’s best to have as many options as possible. The ability to choose between direct and cloud brokered connections allows you to optimize your service and control your firewall security. Don’t let Neo and his pals into your matrix.


Game of Thrones – Groups and teams

Ok, Game of Thrones is not technically a Hollywood production, but it’s popular enough that we’re going to go ahead and use it for the next metaphor. So, put yourself in Jon Snow’s shoes. You have just been elected the 998th Lord Commander of the Night’s Watch and are trying to get a grip on your new, rather high-pressure, job.

Being Lord Commander means that you’re not only responsible for preventing the White Walkers from turning the Seven Kingdoms into an army of undead, but also to manage the smooth running of the Wall. And when a recruit joins the team, you must assign him to one of the three orders of the Night’s Watch: the Rangers, the Stewards and the Builders.

Like Jon Snow, you may also be in charge of supporting large teams, with different duties, responsibilities and security clearances. Good remote access group management tools allow you to do just that, dividing responsibility for remote computers among the people in your team by assigning permissions and deciding who can connect to which computer.

Controlling teams, groups and permissions improves the efficiency of your kingdom and reduces security risks, “for this night and all the nights to come”.

Harry Potter - Audit management

Dumbledore lived a long and full life, until (spoiler alert!) it was suddenly ended by Severus Snape that fateful night up on the Astronomy Tower. In fact, he died at the age of 116 – that’s many decades of Hogwarts-running, Horcrux-hunting, Voldemort-fighting adventures. And despite his legendary memory, Dumbledore found himself needing the help of a magical tool to recollect his previous experiences: the Pensieve.

The Pensieve is a stone basin where memories can be magically stored and accessed at a later stage. In J.K Rowling’s saga, Dumbledore would use this tool every time he needed to view scenes he witnessed many years before to find the clarity needed to navigate tricky situations. 

While there is no real magic in remote access, most solutions will include audit tools that enable the users to keep a record, or log, of the usage. Remote sessions can be recorded, and a logged session history highlights all the activities performed by every user. It’s a good way to record all the “remote access memories”, so you can meet your compliance and best-practice objectives. Just make sure to add multiple layers of security, such as MFA, so unauthorized users won’t be able to access your precious memories. Or nosey teenager with a lightning-shaped scar on their forehead.  

--------------------------

A good understanding of how all the aspects of remote access security can protect your organization from risk. When considering the threats you face, it may be helpful to recall the T-1000 from Terminator and when designing your security strategy, taking some advice from Shrek about onions and layers. Whether it’s Star Wars, Avatar, The Matrix, Game of Thrones or Harry Potter, Hollywood provides us with entertainment, but also lessons we can apply in our personal and business lives. If you look hard enough, Hollywood even has things to teach us about remote access security.

If you want to dig a little deeper about remote access security (without the Hollywood metaphors), download our security whitepaper: 4 pillars of remote access

RealVNC® Ltd

Written by RealVNC® Ltd

Topics:

All

 

Comments