Book Chapter:

Remote access as an attack vector

16 Jun 2005 | Larstan Publishing


The Black Book on Corporate Security

439 pages; $49.95 | Larstan Publishing

In this excerpt of Chapter 7 from The Black Book on Corporate Security, authors Howard Schmidt and Tony Alagna analyze how "unmanaged" remote access can serve as an attack vector.

There are many different types of remote access solutions for mobile employees. There is SSL VPN, which is a Web-based VPN device. There are also different types of Webmail as well as Outlook Web Access. Also, some bigger companies like Citrix have secure gateways. Classic IPsec VPNs, as well as different types of portals and intranets and extranets, can also be used for mobile computing.

What all remote access has in common, regardless of the method used, is that it runs from an endpoint machine that is as vulnerable as any other system on the Internet. In some cases these are managed machines: corporate-issued assets, managed by corporate IT, that carry all of the corporate-provisioned security programs.

Corporate resources can now be accessed from anywhere, and most of those places are far from trustworthy. The danger here is extreme, because mobile computing environments plug into random places and into unmanaged systems. Vendors are aware of this security threat, and they're increasingly recommending the deployment of different types of security and scanning technologies. The problem is that most security technologies are not readily deployable. Antivirus is a very large application, so it is not practical to have anyone who is logging in remotely download this software and then scan the hard drive for half an hour before they can access e-mail. Antivirus-type technologies in the "unmanaged space" must be behavioral, small, fast and transactional. Some are emerging in the marketplace.

However, the vulnerability in this mobile communication model is obvious. Besides the general threat of malicious code, these machines have no physical access restrictions. Anybody can load whatever they want on them (the risk of a keystroke logger, regardless of whether it has network connectivity, is huge). A person can walk up to a machine five minutes before it is used and again five minutes after it is used, and capture everything that was done on that machine between those two points in time.




The threat of malicious code is even greater in this unmanaged machine space. Sometimes the people using IPsec VPNs feel safe because this technology prevents split-tunneling (the ability for two or more applications to be communicating simultaneously while the VPN connection is going). Preventing split-tunneling only creates an illusion of safety.

A reverse-connecting Trojan functions in the same way in this environment as it does in a corporate environment, by initiating its connection sequence inside out. So, if users can see the Internet, then so can the malicious code. Even without Internet access, malicious code can be scripted to steal or perform actions whenever it comes back online. Malicious code is basically winning in every environment regardless of the situational defenses. All situational defenses can do is minimize the types of attacks; they cannot stop attacks.
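The routing argument behind the two paragraphs above, worked through as an added example (not from the book): a longest-prefix route lookup on a remote client with split-tunneling allowed and with it prevented. The interface names, address ranges and the `gateway_allows_internet` policy flag are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables for one remote client; all addresses are
# private or documentation ranges. Entry: (destination prefix, interface).
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),       # default route stays on the local network
    ("10.0.0.0/8", "vpn0"),       # only corporate prefixes enter the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn0"),        # split-tunneling prevented: everything tunnels
    ("192.168.1.0/24", "wlan0"),  # local subnet, needed to reach the access point
]
CORPORATE = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range

def egress_interface(table, dst):
    """Longest-prefix match: the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outbound_path(table, dst, gateway_allows_internet):
    """Where a connection initiated on the client (inside out) ends up.

    gateway_allows_internet models the corporate egress policy for tunneled
    clients (assumption: users normally browse the web through the tunnel).
    """
    ifc = egress_interface(table, dst)
    if ifc is None:
        return "no route"
    if ifc != "vpn0":
        return "direct to Internet via " + ifc
    if ipaddress.ip_address(dst) in CORPORATE:
        return "corporate network via vpn0"
    return ("Internet via corporate gateway" if gateway_allows_internet
            else "blocked at corporate gateway")

def paths_for(dst):
    """Compare the same outbound connection under each client configuration."""
    return {
        "split": outbound_path(SPLIT_TUNNEL, dst, True),
        "full": outbound_path(FULL_TUNNEL, dst, True),
        "full_no_egress": outbound_path(FULL_TUNNEL, dst, False),
    }

if __name__ == "__main__":
    print(paths_for("203.0.113.50"))  # constructed external host
```

Preventing split-tunneling moves the client's Internet traffic onto the corporate gateway rather than removing it, so the gateway's egress policy and logs are where that traffic can be restricted and observed.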
