Things to Remember When Working Remotely with the Sophos SSL VPN

Things to Remember When Working Remotely with the Sophos SSL VPN

This document outlines the SSL VPN connection parameters that are in effect when you are working
remotely. These are parameters are there to protect the data and overall network environment. It is
a balancing act between being able to work effectively and keeping every safe and secure.

Login

In the task bar you will see a traffic light icon (if you have installed the Sophos SSL VPN Software) blog post content here…

Double Click on this icon and the login box will appear.

Please enter your username (minus the domain\ name)
Enter your current Windows login password followed by the 6-digit code from the Sophos
Authenticator app from your mobile phone

For instance, in the example above, my username is User1 and my standard Windows login
password is $unb33ftrackMar$ and the following 6-digit code is from the Sophos App on my mobile
device.

The traffic light should now be amber and red:

Once the VPN connection is established, the traffic light will be green, you can now initiate the
remote desktop connection to the work device in your office.



Account lock out

The password you use (in the Sophos SSL VPN client) is the same as you use logging on to the
network in the office (or when working remotely). If you enter this password wrong 5 times your
account is locked for 30mins. If you keep trying your account will stay locked longer, so stop take a
break and try again after 30mins (give it 45mins to make sure).

The purpose of this account lockout feature is to stop unauthorized access to your user account (and
the network). The last thing we want is to have someone constantly "guessing" your password and
eventually gaining access to the network as this would be a security breach.


Idle Timeout

If you stop work, go and make a coffee, take a phone call, etc your SSL VPN connection will drop
(disconnect) after 30mins of no activity. This setting is there to automatically disconnect your VPN
session when you finish working and forget to disconnect. This is a global setting, meaning it applies to all users that are allowed to remote into the office.


Disconnection After 8 Hours

The SSL VPN works with a series of Cryptographic keys in the background, and these have a key
lifetime of 8hrs. This means every 8hrs it needs to renegotiate the keys (what is called key rotation)
and it drops the connection to the office.

Key generation and key rotation are important because the longer the life of the key, the larger the
amount of data at risk, and the easier it becomes to intercept more ciphered text for analysis (i.e
break into the network).


If you are working remotely, we recommend that every 4 hours or so you disconnect the VPN and
then reconnect (i.e disconnect when you go and have lunch and then reconnect when you return).
This is a global setting, meaning it applies to all users that are allowed to remote into the office.

Saving your password

We do not recommend ticking(selecting) any box to save your password - be this the Sophos VPN
client, the Terminal Server Connection screen or even your web browser. Doing so significantly
decreases the security level of the network as these "saved" passwords" can be scraped from your
computer by most malicious malware.

Having your password saved in the Sophos VPN Client may result in your account being locked if the
connection is dropped as outlined above (see Idle Timeout or Disconnection After 8hrs).

You should be using a password manager for all website (internet) logins and always enter your
password to access the network (e.g. enter your password in the Sophos VPN client and the Terminal
Server connection window). Talk to Iain or Kirby about proper password management and hygiene.

Connection Errors

The adage, have you tried turning it off and on again, will solve most connection issues. Please
ensure that you have rebooted your machine and attempted a login again before you give us a call.

If you are still having issues with the remote connection, please give the helpdesk a call on 1300
765 014 ensuring that you have your mobile phone with the Sophos Authenticator app and your
device that has the Sophos SSL VPN software installed before you call