Hackers love poorly configured remote access points, and why shouldn't they? Many times they represent an open
door into a network without having to fuss with firewalls and intrusion detection/prevention systems (IDS/IPS) at the Internet border. Considering the threat that these misconfigured devices pose, all organizations should secure remote access points and configure remote connections to prevent a hack. The fact is that most networks have remote access points, and most of those access points don't employ adequate security. Remote access points most often come in the form of dialup modem banks and VPN concentrators, and it doesn't take much to discover the phone number or IP address.
Most remote access points require only a static user ID and password to log on to the network. If your remote access point doesn't require strong authentication, you should probably count on the fact that somewhere out there, maybe an employee or vendor, has setup a remote connection to your network with a saved user ID and password. This means your network is available to anyone who opens that connection, including your employee's neighbor whose computer was used to check email a month ago, and that vendor's employee who quit last week and took all his clients' remote access passwords with him.
How to secure remote access and configure remote connections
To remedy this problem, it is best to implement some type of strong authentication, requiring a user ID and a single-use password or biometric. There are a number of vendors that sell remote access keychain tokens, which generate a new single-use passcode every few seconds. Additionally, your suppliers and vendors could be required to call your operations department to obtain a passcode for remote access, thus adding another layer of security when dealing with outsiders. By implementing a strong authentication system, saved passwords for remote connections will no longer represent an information security risk.
Additionally, most remote access points don't inspect the remote computer for viruses or hacking software, and they usually don't watch the network traffic coming from such computers. If a user with a virus-infected PC or a hacker were to remotely log on to your network with such software, the network could be on the receiving end of a server compromise or a virus outbreak. To help prevent a remote connection hack, it is best to have an IDS or IPS sitting inline between your remote access point and your internal network. Such a system should be capable of catching network-based attacks from hackers or hybrid viruses. Some systems will even prevent users from connecting to your network if their antivirus software is not up to date. It is also best to limit the number of ports allowed access into your internal network.
By giving some attention to the authentication process and the traffic coming from remote users, you will greatly reduce the risk of your remote access points being a source of unwelcome company.
About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.
HACKER ATTACK TECHNIQUES AND TACTICS
Introduction: Hacker attack tactics
How to stop hacker theft
Hacker system fingerprinting, probing
Using network intrusion detection tools
Authentication system security weaknesses
Improve your access request process
Social engineering hacker attack tactics
Secure remote access points
Securing your Web sever
Wireless security basics
How to tell if you've been hacked