110 likes | 365 Views
Remote Access Tools Policy. John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN. Objective. Define Remote Access Tools List benefits Describe risks Explain why a policy is needed Provide policy guidance. What are remote access tools?.
E N D
Remote Access Tools Policy John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN SANS Technology Institute - Candidate for Master of Science Degree
Objective • Define Remote Access Tools • List benefits • Describe risks • Explain why a policy is needed • Provide policy guidance SANS Technology Institute - Candidate for Master of Science Degree
What are remote access tools? • Remote Access is “the ability to access your computer from a remote location,” and “the ability to control the machine once the connection is made.” • Source: TechTerms.com • Examples: • VNC (Virtual Network Computing) • Windows Remote Desktop • GoToMyPC • LogMeIn • WebEx SANS Technology Institute - Candidate for Master of Science Degree
Remote access value Benefits: • Money saved on commuting • Remote access to jobs in progress • Real-time team collaboration • 24x7 Tech support SANS Technology Institute - Candidate for Master of Science Degree
Remote access risks Risks: • Unauthorized access • Malware • Data theft • Compliance • Transitive trust SANS Technology Institute - Candidate for Master of Science Degree
More subtle risks • Several remote access tools have known vulnerabilities or even just “features” users are not aware of • Securing them properly requires careful control of versions and configuration • Let’s look at VNC in more detail... SANS Technology Institute - Candidate for Master of Science Degree
VNCVirtual Network Computing • Originally created at Olivetti Research Labs • Security concerns: • Older and free versions do not encrypt data • Weak password hash and challenge-response • Various vulnerabilities exist • Recommendations: • Use Enterprise version, ssvnc, or wrappers SANS Technology Institute - Candidate for Master of Science Degree
Why do we need a remote access tools policy? • The benefits are obvious, but the policy should clarify the risks • Users are bombarded with ads for the “latest, greatest” tools • Guidelines can educate and empower SANS Technology Institute - Candidate for Master of Science Degree
Policy recommendations • The policy should provide a set of requirements for acceptable remote access tools • Multi-factor authentication • Replay attack defense • Strong encryption • Configuration and reporting SANS Technology Institute - Candidate for Master of Science Degree
Summary • Remote access tools have many benefits • But poorly implemented, they add risk • The policy should: • Define acceptable use • Discuss the cost / benefit equation • Provide guidance and clarification SANS Technology Institute - Candidate for Master of Science Degree