Remote users can present additional security risks because they access company resources over the potentially unsecured internet or from unsecured devices.
For organizations with a remote workforce, Lumu can extend the Continuous Compromise Assessment concept beyond corporate networks to remote workers who use VPN (Virtual Private Network) or SDP (Software Defined Perimeter) technologies. For more context on Lumu deployment scenarios, consult our documentation.
Enterprises can incorporate remote workers into their network of defenses by using VPN/SDP gateways. These are devices or software designed to extend a LAN over the Internet (in most cases) through a safe and private channel.
The VPN/SDP can be configured in two ways, full tunnel or split tunnel, and Lumu can assess compromises on both configurations.
In a full tunnel configuration, once users connect to the VPN/SDP, all their traffic (internal and Internet) is routed through the VPN/SDP channel. This allows the company’s network systems to process all of its users’ connections. Some companies use this architecture, despite its bandwidth cost, in order to have more control over traffic, regardless of where the service is hosted.
In the full tunnel configuration, to integrate Lumu with the remote end users, it is necessary to add the IP addresses of the Lumu DNS servers (or Lumu Virtual Appliances) as default DNS servers.
The following diagram shows the client’s workstation set up with Lumu DNS addresses. When a request to resolve a hostname on the internet is made from this workstation, Lumu processes DNS requests using its patent-pending illumination process to identify if this device is “talking” with adversarial infrastructure.
Set up the DNS on Workstations
The main difference between a split tunnel and a full tunnel configuration is that in a split tunnel only the internal traffic is routed through the VPN/SDP gateway; all external connections are sent directly to the Internet. This allows organizations to save bandwidth but implies a higher risk because of the lack of security controls in the user’s remote environment.
If the company uses a split tunnel configuration, obtaining visibility into compromises in the remote user’s network through Lumu requires two steps: set up the DNS on workstations and add static routes over the SSL tunnel.
The following diagram shows that when using split tunnel configuration all external traffic is routed directly through the Internet channel (out of the tunnel):
Add Static Routes
To send DNS queries through the internal (tunneled) traffic, the company should add the Lumu DNS servers’ or Lumu Virtual Appliances’ IP addresses as static routes.
The following examples show the general structure for adding static routes via command line:
This image shows an example of a routing table that was configured to use Lumu DNS IPs for sending queries through the VPN security tunnel:
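As an added example (not from the original page or from Lumu), the following script prints Linux iproute2 host-route commands for the resolvers and checks `ip route get` output to confirm that DNS traffic to them leaves through the tunnel rather than the local Internet link. The resolver IPs are RFC 5737 placeholders, and the interface name tun0 and gateway 10.8.0.1 are assumptions; substitute the values from your own deployment.

```shell
#!/bin/sh
# Added example. All addresses are placeholders (RFC 5737 documentation range),
# not real Lumu DNS IPs; tun0 and 10.8.0.1 are an assumed tunnel interface/gateway.
LUMU_DNS_IPS="192.0.2.53 192.0.2.54"
TUNNEL_IF="tun0"
TUNNEL_GW="10.8.0.1"

# Print (do not run) one host route per resolver, pinned to the tunnel.
print_route_cmds() {
    for ip in $LUMU_DNS_IPS; do
        echo "ip route add $ip/32 via $TUNNEL_GW dev $TUNNEL_IF"
    done
}

# Read `ip route get <ip>` output on stdin and print every destination whose
# egress interface is not the tunnel interface given as $1.
leaking_resolvers() {
    awk -v want="$1" '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != "" && dev != want) print $1
        }'
}

# Constructed sample: the second resolver has no host route, so it follows
# the default route out of the local Wi-Fi interface instead of the tunnel.
sample_route_get() {
    cat <<'EOF'
192.0.2.53 via 10.8.0.1 dev tun0 src 10.8.0.6 uid 1000
    cache
192.0.2.54 via 192.168.1.1 dev wlan0 src 192.168.1.23 uid 1000
    cache
EOF
}

# Live use on a workstation:
#   for ip in $LUMU_DNS_IPS; do ip route get "$ip"; done | leaking_resolvers "$TUNNEL_IF"
sample_route_get | leaking_resolvers "$TUNNEL_IF"
```

Any address the check prints is a resolver whose queries bypass the tunnel, which means the static route for it is missing or has been overridden by a more specific local route.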