Eligio Merino
Infrastructure SME with over 20 years in designing, building, securing and monitoring full-stack platforms.
Posted on Sep 2nd 2020

Now that many companies are switching to remote development due to COVID-19, there are a lot of questions regarding the best way to ensure a secure remote development environment. There are a multitude of threats to a remote development environment, with ransomware being a major concern. This type of malware can encrypt a whole computer’s disk, allowing the hacker to demand a bitcoin ransom in exchange for the decryption key, even though there is no guarantee that the hacker will provide one after the ransom is paid.

For the past twelve years I’ve been helping companies set up secure environments for their remote employees, so I thought I could share some of what I’ve learned along the way.

1 Make sure your OS is up to date

Keep your operating system up to date, whether you use Windows, macOS, Linux, Android or iOS. OS updates frequently include security fixes/patches that will keep your machine as secure as possible.

2 Connect to a secure network

Most home networks already have a secure WiFi network. However, if you are traveling, most WiFi hotspots in hotels, restaurants, airports, etc. are not secure. It is very important to always look for a lock icon next to the WiFi network you are connecting to. Just because a network asks for a password, that does not mean it is secured. If secure WiFi is not available, you can use your mobile data plan and share your smartphone's internet connection with your PC. Not doing so is a serious security risk, as anyone with enough hacking knowledge could intercept any data (passwords, 2FA, source application code, etc.) that you send to the Internet.

3 Get an Antivirus and Malware Scanner

Nowadays, it is not enough to have antivirus software installed. You should also make sure that all its shields are up and running, and that the antivirus database is properly updated. There are good free AV options for all OS platforms that do not impact your machine’s performance. Additionally, you can install malware scanners that will enhance your system’s security.

4 Use strong passwords

It’s a good idea to use a unique password for each account you create. Otherwise, if a site you visit doesn’t use encryption on the backend, a hacker can get hold of your password and use it on other sites. To enhance security from your desktop’s lock screen to remote systems, always use passwords that would be hard to guess. So, where do you start when creating a strong password? Create an 8-length string that meets the following criteria, in any order: at least 1 capital letter, at least 1 special sign, at least 1 number, at least 1 lower-case letter, and no number or letter sequences (like 123, hijk, etc.). You can use a Password Manager app to store all your passwords; these apps usually encrypt their database in order to secure the stored data. It is very important to NEVER write down a password.
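A checker for the criteria listed above, as an added example that is not part of the original post. It assumes the length of 8 is a minimum and that a "sequence" means three or more consecutive ascending letters or digits; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: validate a password against the criteria in the text.
LC_ALL=C; export LC_ALL        # make [A-Z]/[a-z] ranges byte-exact
MIN_LEN=8                      # length stated in the text, treated as a minimum (assumption)

# has_sequence STRING: succeed if STRING contains three consecutive ascending
# letters or digits such as 123 or hij (case-insensitive). Assumed definition.
has_sequence() {
    rest=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    prev2=-1; prev1=-1
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}            # first character of $rest
        rest=${rest#?}
        case $c in
            [a-z0-9]) code=$(printf '%d' "'$c") ;;
            *)        code=-100 ;;       # symbols break any run
        esac
        if [ "$prev2" -ge 0 ] && [ $((prev2 + 1)) -eq "$prev1" ] \
            && [ $((prev1 + 1)) -eq "$code" ]; then
            return 0
        fi
        prev2=$prev1; prev1=$code
    done
    return 1
}

# check_password STRING: print "ok", or print the first failed rule and return 1.
check_password() {
    pw=$1
    [ "${#pw}" -ge "$MIN_LEN" ] || { echo "too short"; return 1; }
    case $pw in *[A-Z]*) ;; *) echo "no capital letter"; return 1 ;; esac
    case $pw in *[a-z]*) ;; *) echo "no lower-case letter"; return 1 ;; esac
    case $pw in *[0-9]*) ;; *) echo "no number"; return 1 ;; esac
    case $pw in *[!A-Za-z0-9]*) ;; *) echo "no special sign"; return 1 ;; esac
    if has_sequence "$pw"; then echo "contains a sequence"; return 1; fi
    echo "ok"
}

# Constructed sample values, for demonstration only.
check_password 'Tr7!kwpz'
check_password 'Ab1!hijk' || true
```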

5 Encrypt your stored data

Many Cloud solutions, such as OneDrive, Google Drive, Dropbox, etc., offer encryption for stored data (vaults). But what about the data on your local disk that is not being uploaded to the Cloud? You can either encrypt your whole disk or just part of it. This enhances your local security by preventing anyone from reading your data by just mounting the disk and/or the partition on another machine, for instance, if your computer is stolen. Encrypting your data is also a good practice when you are doing backups, so only you can decrypt it and have access to it. If you are using Pro versions of macOS and Windows, it is likely that you already have a disk-encryption solution shipped with your OS. Otherwise, there are a number of options, both free and paid.

6 Install Apps and Containers from known sources

A security best practice is to only install an App or Container from a source that you are familiar with, or whose reputation you have verified. The recent versions of Windows, macOS, Linux, Android and iOS platforms have their own App Stores. You can always search there first to install an App, and/or go to the software manufacturer’s website to learn more about the App or Container you want to install. Here at Genuitec, our product offerings are perfect for remote development, whether you are looking for a powerful IDE, remote pair programming or the ability to simply and securely deliver IDEs to teams. To securely download any of our products for free, go to our store.

7 Ensure Web traffic is secured/encrypted

Now that you are using strong passwords, it is also a best practice to navigate only across secured websites. This means that if you are going to provide a username and password to a website, make sure that the browser’s address bar has a lock icon and that the address starts with ‘https://’ instead of just ‘http://’. The HTTPS protocol and the lock icon mean that your information is safe from hackers’ interception, preventing them from decrypting the information you send to and receive from that website. For instance, if you use CodeTogether for your remote pair programming, codetogether.com enforces HTTPS connections, ensuring end-to-end encryption during your pair programming session in order to keep your source code perfectly safe. And for organizations with extremely tight security controls, an on-premises version of CodeTogether is also available, which allows all your source to stay completely behind the firewall.

8 Use SSH connections

Many offices now allow developers to work remotely from home due to the COVID-19 pandemic. But there is one problem: how can a developer connect to a service that is listening on a local port of a remote server? For instance, let’s say you have a remote database that listens on port 3306. The problem is that port 3306 only listens locally on the remote machine, i.e., on address 127.0.0.1, which cannot be reached from outside the server. A secure way to connect remotely to that remote IP:Port is via an encrypted tunnel using SSH. One way to achieve this from the command line in Linux and macOS is:

$ ssh -p <serverSSH-Port> <userName>@<serverPublicName> -L 3306:127.0.0.1:3306 -N

This SSH command will open an encrypted tunnel to the remote server and it will emulate a local database on your machine, listening on the IP 127.0.0.1 on port 3306. You can also use this to tunnel and secure other remote ports you may want, such as 8080, 9080, 80, 443, etc.
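An added example (not from the original post) that builds the tunnel command above with an explicit loopback bind address, then checks listener output for a forwarded port that is reachable beyond 127.0.0.1. The helper names, the user `dev`, the host `db.example.com` and the sample output are constructed for illustration; the check assumes the Linux `ss -ltn` column layout.

```sh
#!/bin/sh
# Added example: local port forward pinned to loopback, plus an exposure check.

# tunnel_cmd SSH_PORT USER HOST PORT: print the ssh command for forwarding
# local 127.0.0.1:PORT to 127.0.0.1:PORT on the server.
#   127.0.0.1: before the port  -> bind the local end to loopback explicitly
#   ExitOnForwardFailure=yes    -> fail instead of running without the forward
tunnel_cmd() {
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$1" "$4" "$4" "$2" "$3"
}

# exposed_listeners PORT: read `ss -ltn` output on stdin and print every
# listener on PORT whose bind address is not loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")           # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr !~ /^127\./ && addr != "[::1]") print addr ":" port
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::1]:3306         [::]:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*'

tunnel_cmd 22 dev db.example.com 3306       # hypothetical user and host
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8080   # flags 0.0.0.0:8080
# Live use: ss -ltn | exposed_listeners 3306   (no output means loopback only)
```

A forwarded port shows up on a non-loopback address when the client is run with `-g` or has `GatewayPorts yes` set, which makes the tunnel usable by other machines on the same network.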

9 Lock down your desktop session

Battles are often won by details, and it’s a good idea to get in the habit of locking your workstation when you step away from your desk. In most IT companies, this is a mandatory security policy in order to prevent anyone from accessing the sensitive data you are responsible for such as source code, passwords, etc. It is the same thing with your smartphone as you most likely always lock it when you are not using it so no one can access your apps and data, right? It is the same principle with locking your OS desktop screen.

10 Use a VPN connection

Setting up and using a Virtual Private Network (VPN) can help tremendously in securing your local environment. It establishes a secure, encrypted tunnel between your system and the remote systems you are accessing, from the company’s mail server to test environments that are usually reserved for collaborators only. Another benefit is that a VPN connection speeds up your access by reducing the hops that an Internet request, such as an SSH connection or a Web connection, has to make. You can either choose to use a free VPN solution or purchase one, depending on your security requirements, available platforms and budget.

I hope these ten steps will help you create a secure remote development environment. Better safe than sorry 😉

For more tips on remote development, see our Remote Development Resource Guide