ARN

Securing Windows and Office in a time of Covid-19: update policies, remote options

Delayed updates and a rush to support remote workers have forced IT and security teams to scramble. This information and advice will help them better deal with the crisis.

The stay-at-home alerts for many large cities, states, and countries are putting information technology and security professionals at the forefront of the battle to keep businesses up and running with most employees working remotely.

Technology has risen to the challenge in some ways, but for some things there’s just too much on our plates to deal with right now.

Here’s how the Covid-19 pandemic is impacting Windows security in that regard:

Releases and servicing changes

Google was first to announce that the work-from-home mandate was impacting Chrome’s ship schedule.

Chrome 81 did not ship on schedule and Google announced that it is “pausing upcoming Chrome and Chrome OS releases.” They emphasised instead that they will ensure releases are stable, secure, and reliable. Google is prioritising security over feature releases.

Microsoft has also announced that, as a result, it is pushing back the end of life for Windows 10 1709. The end of life for 1709 was scheduled for April 14, 2020, but now security updates will be released from May to October.

The final update will be released October 13, 2020. It remains to be seen if Microsoft Office click-to-run releases and Office 365 features will also be impacted. Keep an eye on the Microsoft Office 365 roadmap to see if any of these releases will be impacted.

Introducing remote technology

To allow for remote technology, businesses are madly rolling out virtual private network (VPN) and Remote Desktop Protocol (RDP) connections, often at the expense of security. One alternative is to deploy a 180-day trial version of Windows Server 2016 or 2019 and use Remote Desktop Services with Remote Desktop Gateway (RD Gateway) along with RDWeb technologies to allow remote connectivity.

Technology leaders can also use OpenVPN solutions to stand up a temporary VPN server. Don’t forget to review what the firewall already offers to allow for VPN connectivity.

Microsoft came out with instructions on how to split the traffic for the network so that the Office 365 traffic does not have to go back through the office connection. Check the VPN solution's documentation to see whether any additional configuration is needed for external clients to go directly to the internet for downloads and internet traffic.

In the Sophos VPN solution, for example, the VPN interface adds a route to the IP address of the work computer, which is routed through the SSL-VPN interface. Then any other traffic, like downloads, will be routed by the standard home router and its internet connection.
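The routing decision described above can be checked against a client's route table. The following is an added example, not code from the article or from any VPN vendor; the addresses, interface names and route table are constructed sample values. It resolves each destination by longest-prefix match and reports destinations that do not take the intended path.

```python
import ipaddress

# Constructed routing table for a remote client (all values are samples).
# Each entry: (destination prefix, interface, metric)
ROUTES = [
    ("0.0.0.0/0", "home-router", 25),       # default route: home internet connection
    ("192.168.1.0/24", "home-router", 25),  # home LAN
    ("10.20.30.40/32", "ssl-vpn", 1),       # host route to the work computer, added by the VPN client
]

def select_route(dest, routes=ROUTES):
    """Return (prefix, interface) for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(prefix), iface, metric)
        for prefix, iface, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    net, iface, _ = max(candidates, key=lambda c: (c[0].prefixlen, -c[2]))
    return str(net), iface

def audit(expected, routes=ROUTES):
    """Compare intended paths with the route table; return destinations that differ."""
    mismatches = {}
    for dest, want_iface in expected.items():
        chosen = select_route(dest, routes)
        got_iface = chosen[1] if chosen else None
        if got_iface != want_iface:
            mismatches[dest] = (want_iface, got_iface)
    return mismatches

# Intended policy (constructed): office hosts through the tunnel, downloads direct.
EXPECTED = {
    "10.20.30.40": "ssl-vpn",       # work computer
    "10.20.30.50": "ssl-vpn",       # file server on the same office subnet
    "203.0.113.10": "home-router",  # internet download host (documentation range)
}

if __name__ == "__main__":
    for dest in EXPECTED:
        print(dest, "->", select_route(dest))
    print("mismatches:", audit(EXPECTED))
```

The audit flags the file server: a single host route covers only the work computer, so any other office resource falls through to the default route and leaves over the home connection, outside the tunnel and any filtering applied to it.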

To ensure a VPN solution also provides web filtering, review the options it offers. For Sophos VPN, to provide web filtering to the remote clients, users must add “VPN Pool (SSL)” to “Allowed Networks”. Review options with VPN vendors as to what can be done to route traffic and protect accordingly.

Other options for secure remote access

Azure AD can also secure remote desktops. For example, users can secure RD Gateway infrastructure using the Network Policy Server (NPS) extension and Azure Active Directory.

Furthermore, users can secure the RDP connection using Azure Multi-Factor Authentication for Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 RD Gateway and NPS server by following these instructions. Finally, review these instructions to protect RD Gateway with Azure MFA and the NPS Extension.

Dealing with network traffic slowdowns

Recently the CEO of AT&T indicated that all the work-from-home traffic has impacted network performance. Netflix is throttling the bandwidth in various locations to limit the impact on the internet.

If home users have bandwidth issues, perhaps suggest that they adjust home cameras to use lower video quality. Leaders may want to send out tech tips to home users to walk them through quality of service adjustments, or use remote access tools such as Splashtop SOS to obtain temporary access to home PCs to better fine-tune them.

Help desk staff should also be ready to help educate home users about the numerous examples of Covid-related malware. Send out prevention tips to employees to keep them aware of the risks.