Modern Workplace Mar 13, 2020

Stay Productive & Secure – "Home office" with the private laptop.

With people being advised to “keep their distance”, employees are finding themselves forced to work from home. But what if they don’t have a laptop? Not a problem, as long as they have any computer at home that connects to the internet. How? Keep reading to find out.

Kirsten Heitmann
Team Leader Security Solutions

By installing a remote access gateway between your employee’s home PC and your corporate resources, you can enable them to work in their normal business environment using their domain-specific permissions. So they can be at home, yet still “in the office”.

 

How does this work on a technical level and is it secure?

Bechtle uses WALLIX Access Manager and WALLIX Bastion. These systems are installed on the customer’s network as either a virtual machine or appliance.

 

Access Manager, which is located in the DMZ, lets users pass the remote access gateway once they’ve authenticated themselves. The session is then moved to Bastion, which establishes an RDP connection to the user account on the desktop PC of the employee logging on.

 

The connection is encrypted as it uses HTTPS. Appropriate user rights are also required to access and log in to the target system over RDP. In addition, the RDP session can be set up so that the employee’s personal PC and their office computer cannot share data, for example through temporary storage, creating an uninterrupted secure space. All this is complemented by appropriately updated endpoint security software, such as an antivirus program.
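
One way to verify that the data-sharing restriction is really in place on the office PC, as an added example that is not part of the original article or of the WALLIX products. It assumes the limits are also enforced on the target host through Remote Desktop Services policy and that `reg query` output for that policy key has been collected; the function names and sample output are constructed for illustration.

```python
import re

# Remote Desktop Services policy values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
# 1 = redirection blocked; 0 or absent = this policy does not block it.
CHANNELS = {
    "fDisableClip": "clipboard",
    "fDisableCdm": "drive mapping",
    "fDisableCpm": "printer",
    "fDisablePNPRedir": "plug-and-play device",
}

# A value line in `reg query` output: indented name, type, hex data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {lowercased value name: int} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            # Registry value names are case-insensitive.
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def open_channels(text):
    """List the redirection channels the policy key leaves allowed."""
    values = parse_reg_query(text)
    return [label for name, label in CHANNELS.items()
            if values.get(name.lower(), 0) != 1]


# Constructed sample: only the clipboard is blocked, the rest is open.
SAMPLE_WEAK = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    fDisableClip    REG_DWORD    0x1
    fDisableCpm    REG_DWORD    0x0
"""

# Constructed sample: every channel checked here is blocked.
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    fDisableClip    REG_DWORD    0x1
    fDisableCdm    REG_DWORD    0x1
    fDisableCpm    REG_DWORD    0x1
    fDisablePNPRedir    REG_DWORD    0x1
"""

if __name__ == "__main__":
    print("weak:", open_channels(SAMPLE_WEAK))
    print("hardened:", open_channels(SAMPLE_HARDENED))
```

A value that is missing from the policy key is reported as open, because an unconfigured policy does not block that channel.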

 

Requirements.

Both WALLIX Access Manager and WALLIX Bastion are installed for a complete solution. Bastion is a virtual appliance, while Access Manager is a software program that can be installed on either Linux or Windows. A database, such as MySQL (Linux or Windows) or MariaDB, is also installed.

 

Licences are required for Bastion. Since Access Manager is accessed over the internet, it requires a public IP address, a corresponding DNS entry and a certificate from an officially recognised certificate authority (CA).

In addition, certain perimeter security (firewall) configuration requirements must also be met, namely that all necessary ports be authorised to ensure successful communication with Access Manager over the internet. Access from Bastion to the target systems must also be set up, and additional Bastion use cases defined. 

 

Before implementing this solution, we conduct a design workshop to discuss placement of the systems, system requirements, firewall configurations, authentication mechanisms, Bastion use cases and the assignment of tasks. Initial test accounts are set up following installation and configuration to verify that the solution works as intended. The configuration is then documented and given to the customer.

 

The bottom line.

WALLIX’s solution enables employees to securely access corporate resources over the internet using their personal PCs. This allows them to continue working in the familiar environment of their office computer.

 

Interested? Then please contact us at IT-Security@bechtle.com.