News & Events

5 Steps to Review your Cisco Remote Access Solution

  • 30 March, 2020

Article, Cisco, Security

The Coronavirus pandemic has forced many businesses to enable remote working at short notice. Large increases in the number of workers requiring secure access to on-premise resources from home mean that it is more important than ever to carry out a health check on your Cisco remote access solution. Cybercrime has reportedly increased since the Coronavirus pandemic began because the criminals know that many businesses do not have adequate security protocols in place.

Here are some steps you can take to ensure your organisation is secure:

1. Make sure your VPN gateways can accommodate the increase in remote access users

Cisco Firepower Threat Defence and ASA appliances have a platform limit for concurrent connected users, which scales with platform size. You should review the published datasheets for your perimeter appliances to be sure that they can accommodate the number of remote access users you require. You can contact us if you are unsure of how to do this.

2. Review your AnyConnect licensing

Once you are satisfied that your perimeter platforms can handle the number of remote access users you will require, check the current state of your AnyConnect licensing. As of the release of AnyConnect version 4.x, licensing for AnyConnect has migrated to Cisco’s new Smart Licensing platform. Further information on the new AnyConnect licensing model can be found here.

3. Use the FTD/ASA head-end deployment feature to allow workers to onboard to remote access more easily

With many workers outside of the office, internal software deployment solutions may not be able to push out AnyConnect packages to users. However, users can run through the package installation procedure themselves by browsing to the VPN gateway FQDN or outside IP address. This allows self-service onboarding to speed up extending your remote access deployment.

4. Only provide access to the internal resources required

Whilst an increase in remote access workers typically requires an increase in the access to resources provided, it is more important than ever to expose the minimum required internal resources to allow your employees to work. Review your device configurations and ensure you have access control restrictions via an Access Control Policy (for FTD) or a VPN filter/DAP (for ASA).

5. Evaluate if a multi-factor authentication solution is required to further secure remote access

Increasing the number of remote users widens the risk of illegitimate access being gained to internal resources through compromised user credentials. If you do not have an MFA solution currently in place, consider an evaluation of Cisco Duo which can provide additional authentication via mobile device, biometrics or security key.

Final note...

In collaboration with Cisco, we have put together a heavily discounted Secure Remote Working package that will protect your entire user base while they work from home. This is based upon several Cisco products:

Cisco Duo provides cloud hosted Multi-Factor authentication. Users simply download an smartphone app from the app store. Once they register, whenever they attempt to sign into the network, they receive a prompt on the app that verifies who they are.​

Secure Enterprise VPN is provided by Cisco industry standard AnyConnect. With the Virtual ASA being deployed, it can scale to any size requirement and is deployable within hours. AnyConnect is truly multi-platform as it works on any PC’s, MAC’s iPhones, Android, etc.

Once the testing and pilot is complete, an instruction set will be given that you can send to your users for self onboarding.

While this is a fast ramp up, when the COVID-19 pandemic subsides, you can continue to build on the platform and make it a central point of your InfoSec strategy.

Click below to learn more about this package.