How to Work Remotely and Securely with FOSS Tools

With the advent of global problems such as Coronavirus (COVID-19) and the need for social distancing to help mitigate the spread of such diseases, many organizations are looking to remote solutions.

A well-designed disaster recovery plan would already have policies in place for employees to work remotely in times of a crisis. Nonetheless, many companies are finding that they do not have such policies in place. There are likely a variety of reasons as to why an organization would not have a solution ready for employees to work remotely whether they be financial, political, or a lack of understanding of the technologies that are available.

Although office politics do not lend themselves well to easy „one size fits all“ solutions, we can address the financial aspect as well as the technologies that are both feasible and accessible. We will take a look at some various solutions that are open source as well as some proprietary applications that are multi-platform to help you stay connected with your coworkers.

Remote Communications

The highest priority for any remote employee is the ability to communicate with their coworkers. Of course, we have had email for decades and practically every email platform supports the ability to send and receive messages from a plethora of desktop and mobile applications, regardless of the operating system or client used thanks to predefined standards such as SMTP, POP, and IMAP (and their secure alternatives).

Nowadays, many organizations are jumping on the Slack bandwagon. Slack is a great tool and very easy to work with, but there are some caveats to its usage. First off, the Slack infrastructure is entirely owned and operated by the company behind the software itself. This means that your organization does not have control over retention or backups of your messages without further costs. There is also an extra cost to the usage of Slack depending on how many messages or the size of the messages that your account consumes.  Neither does your business have control over the security of these messages.

A great alternative to Slack is Mattermost.  Mattermost possesses nearly all of the features that you would find in Slack, as well as the ability to run the client application on any mobile device and it offers a multi-platform desktop application. The extra upside to Mattermost is that it is open source software, and you can host it on your own servers or within Docker containers.  Your organization has complete control over all message retention, backups, security updates and policy controls. For the security-minded company, Mattermost is an excellent choice over Slack.

Zoom is another very popular multi-platform communications application that many organizations depend on for their meetings held via teleconferencing.  As of late there have been some security issues related to how Zoom can leak personal information. There are easy fixes to these as the articles point out, but would it not be better to use an open source application that gives greater preference to security?

This is where promising projects such as Jitsi could be used.  Jitsi is fully open source software, utilizes WebRTC (an internet standard) and end-to-end encryption for all of its calls.  There is no need to register an account with a hosting company, as the server software is available for an organization to install and run on its own.  A caveat to Jitsi is that at this time there are no mobile applications.  Yet given the open source nature of the code and an increase in adoption of Jitsi, such a hurdle could be easily overcome.

Remote Collaboration

The above software packages are a given for remote collaboration, but we now turn our focus to document, calendar and contact sharing.

Many organizations may have access to G Suite and its associated web-based applications.  However, these are hosted and controlled by Google and the business offerings are not free.  Pricing for this platform varies depending on how many users in the organization are going to use the applications and which advanced features a business would need.  As with most software solutions, there is a FOSS alternative.

The flagship platform for such tasks is none other than Nextcloud.  Nextcloud is an extremely versatile, highly scalable and fully open source solution for cloud-based office services.  Nextcloud has recently taken their excellent software to a new level with their Hub offering which allows groups to collaborate together on documents, conduct secure video teleconferencing via its Talk plugin, as well as self-managed groupware capabilities for email, contacts and calendaring.  Much of the functionality that can be found within Google’s G Suite can be duplicated within Nextcloud with its plethora of plugins.  The best part is, your organization controls the data instead of a third party.

The GNOME desktop environment also offers built-in functionality (via Settings>Online Accounts) to connect to multiple Nextcloud instances.  This way you can seamlessly synchronize your calendar, contacts, files and more on your Linux system.  If you do not use the GNOME desktop there are also Nextcloud clients available within distribution package repositories, as well as a flatpak package or a snapcraft package depending on your choice of installation method.

Remote Connectivity

One final topic that we should look at is the ability to connect from your home office back to your business office’s network.  The primary method with which this is done is through a VPN (virtual private network) connection.  VPN solutions are typically maintained by a business’ information technology department and access to a VPN would have to be granted by the IT department.  

Nonetheless NetworkManager, the default networking utility installed on most Linux distributions, has the ability to connect to numerous types of VPN systems.  There is support for OpenVPN, Cisco’s AnyConnect by way of the OpenConnect plugin as well as the vpnc plugin.

If you do not have a VPN solution for your business, there are open source solutions available through projects such as OPNsense and pfSense.  Both of these projects offer full-featured firewall solutions as well as VPN capabilities.  These platforms are built on FreeBSD and offer solid performance and security.  They can both be easily installed on commodity hardware with at least two network interfaces, bringing commercial-grade firewall solutions to your organization.  Should you need extended features and more scalability, these two projects also offer paid enterprise services to implement such functionality.

Once you have connected to your office’s network, you can use applications such as Remmina to connect to Windows, macOS, or Linux workstations and servers.  Remmina makes it easy to organize saved connections should you need to connect to multiple systems.  It can also handle SSH connections for Linux server administrators, making it easy to categorize a number of connection types based on a server’s usage (such as production, testing, QA, etc.).

Summing Up

With many stay-at-home orders being issued by various government entities, many people are finding that they still need to find efficient, secure and cost-effective methods for continuing their work.  The FOSS community has been developing remote solutions for a variety of use-cases for years.  Now, more than ever, the efforts of these developers can be appreciated by those who have never had the need to leave their offices before.
 

About Kenny Armstrong:

Kenny has worked with UNIX-like operating systems since his introduction to them while serving in the U.S. military in the late 1990s.  He has been involved with the Linux community in various capacities such as teaching Linux for a variety of training organizations, deploying Linux in local government institutions up to large Universities, as well as in various large-scale businesses.  Kenny enjoys working with open platforms and finding potential new uses for them in a variety of situations.  More importantly, he prefers teaching others about Linux so that they can put it to use wherever possible.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert