Learn about resources, server, desktop, and application sharing, as well as remote assistance.
- [Instructor] Remote access technologies provide our users the ability to access resources, even when they're not physically located in the same place. When I first started working in the Information Technology field, the use of dial-up modems for remote access was commonplace. When a connection was made over dial-up, they relied upon Serial Line Internet Protocol, or SLIP, or the Point-to-Point Protocol, PPP, to make their connections over layer two of the OSI model to perform the authentication. Over time, better authentication processes were developed.
The use of TACACS+ or Radius servers became more commonplace to provide additional security to these early dial-up remote access connections, and these are often still in use today. If your organization is still utilizing a dial-up connection for remote access, you should configure it to perform call back service upon the initiation of the remote access connection. This works by having the user dial into the remote access server, but then the server disconnects that request. The server will then call back the user at a known and authorized phone number.
This adds an additional layer of security to the authentication process, but it does limit the user to a known phone number when attempting the connection. From a physical security standpoint, your bank of remote access modems should all be located in a single closet, so that your technicians can keep an eye on them. Also, war dialing is a concern when dealing with dial-up remote access where an attacker may attempt to connect to random numbers until they find your service. To prevent this, your modems should only answer a call after a certain number of rings, as an additional security measure.
Since many organization have begun eliminating their dial-up connections due to the limited bandwidth available when using them, remote access must now be performed using newer and faster technologies. Because most employees have access to high speed internet when they're traveling, the use of a Virtual Private Network, or VPN, has replaced dial-up remote access in most organizations. A VPN allows a user to created an encrypted tunnel over an untrusted network, such as the internet. VPNs can be secured using not only a username and password, but also multiple other factors of authentication.
The VPN tunnel itself can be encrypted using strong encryption technologies, such as the Advanced Encryption System, or AES, using a 256 bit shared secret encryption key. While remote access provides users additional capabilities while traveling, the biggest benefit of remote access in an organization is when it's used by administrators. Through the use of remote administration, system administrators are able to remotely configure servers, workstations, and network devices. Instead of waiting for an administrator to get in their car, drive to your office, and work on your broke workstation, these days the administrator can remotely access the machine, without ever leaving their desk.
This is referred to as remote assistance. Remote assistance relies on the same technology that desktop sharing and application sharing utilize. By creating a secure encrypted tunnel between the administrator's machine and your workstation, the administrator is able to see what's displayed on your screen, and even enter keyboard and mouse commands from a remote location. While this capability makes the administrators job easier, this same technology is also used by attackers against us. For example, if an attacker is able to gain remote access to a workstation or server by exploiting a vulnerability, they could then connect to it using the remote assistance tools, such as Microsoft's remote desktop to control the machine as if they were sitting directly in front of it.
To mitigate against this type of attack, you should always insure that all updates and patches have been properly installed, and systems are tightly configured when allowing remote access. Additionally, you should insure that logging and auditing is properly configured for any remote access solution. These logs and audit trails should be reviewed regularly to insure that no malicious users have gained remote access to your system. It is highly recommended that all remote administration, and remote access solutions, utilize multi-factor authentication, strong encryption, and strong passwords to prevent malicious users from taking advantage of this essential customer service tool.
- Adapting data flow security to changing business needs
- Provisioning and deprovisioning resources
- Security and privacy considerations of storage integration
- Integrating the cloud and virtualization into the secure enterprise architecture
- Identity proofing and identity propagation
- Integrating cryptographic techniques into the secure enterprise architecture
- Cryptocurrency and blockchain
- Mobile device encryption considerations
- Integrating secure communications and collaboration solutions