Hackers love poorly configured remote access points, and why shouldn't they? Many times they are an open door into a network, with no need to fuss with firewalls and intrusion detection/prevention systems [IDS/IPS] at the Internet border. The fact is, most networks have remote access points, and most of those access points don't employ decent security. Access points most often come in the form of dialup modem banks and VPN concentrators, and it doesn't take much to discover the phone number or IP address.
Most remote access points require only a static userID and password to log on to the network. If your remote access point doesn't require strong authentication, you should probably count on the fact that somewhere out there an employee or vendor has set up a remote connection to your network with a saved userID and password. This means your network is available to anyone who opens that connection, including your employee's neighbor whose computer was used to check e-mail a month ago, and that vendor's employee who quit last week and took all his clients' remote access passwords with him.
To remedy this problem, it is best to implement some type of strong authentication, requiring a userID and a single-use password or biometric. RSA Security is one of the largest suppliers of remote access keychain tokens, which generate a single-use passcode every 60 seconds. Your vendors could be required to call your operations department to obtain a passcode for remote access, thus adding another layer of security when dealing with outsiders. By implementing a strong authentication system, saved passwords will no longer be an issue for remote connections.
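Why a saved passcode stops working, as an added example that is not from the original article or from any token vendor: it uses the open RFC 6238 TOTP algorithm with a 60-second step as a stand-in for a vendor token's own algorithm, and the names `passcode`, `Verifier` and the sample user in the usage note are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per passcode, matching the 60-second tokens described above


def passcode(secret, now, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: accepts each time step's passcode at most once per user."""

    def __init__(self, secrets):
        self.secrets = secrets  # userID -> shared token secret (bytes)
        self.last_step = {}     # userID -> highest time step already consumed

    def check(self, user, code, now):
        secret = self.secrets.get(user)
        if secret is None:
            return False  # unknown userID
        step = now // STEP
        if step <= self.last_step.get(user, -1):
            return False  # this step's passcode was already used: replay
        if not hmac.compare_digest(passcode(secret, now), code):
            return False  # wrong passcode, or one saved from an earlier step
        self.last_step[user] = step
        return True
```

With a constructed secret, `Verifier({"vendor1": secret}).check("vendor1", code, now)` succeeds once per 60-second step; the same code is refused on a second attempt and after the step rolls over. A production verifier would also tolerate a small amount of clock drift between token and server.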
Additionally, most remote access points don't inspect the remote computer for viruses or hacking software, and they usually don't watch the network traffic coming from such computers. If a user with a virus-infected PC or a hacker were to remotely log on to your network with such software, your network could be on the receiving end of a server compromise or a virus outbreak. To help prevent malicious activity from entering your network from a remote access point, it is best to have an IDS or IPS sitting inline between your remote access point and your internal network. Such a system should be capable of catching network-based attacks from hackers or hybrid viruses. Some systems will even prevent users from connecting to your network if their antivirus software is not up to date. It is also best if you can limit the ports allowed into your internal network.
By giving some attention to the authentication process and the traffic coming from remote users, you will greatly reduce the risk of your remote access points being a source of unwelcome company.
About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.