January 22, 2012

1.3.5 Remote Access

Remote access is the broad collection of mechanisms that allow external entities to interact with an internal closed environment. One of the first tools for remote access was the dial-up modem. Today we regularly employ encrypted VPN tunnels.

Securing a remote access connection is critical; typical measures include an encrypted tunnel and one-time passwords. Additionally, you need to be aware of every flow of data that crosses the boundary of your private LAN and fully control all data moving across such a gateway. Monitor your environment and review logs.

A first-stage remote access defense is a separate authentication system for remote access that preauthenticates all connections before they are allowed to interact with the LAN itself. If the remote access user fails to properly authenticate to the first-stage defense barrier, they are denied access to the servers on the LAN.

Preauthentication systems make full network attacks from remote links more difficult. If the preauthentication system is disabled, then no communication is allowed from any remote access link. It is better to lose remote access capabilities than it is to lose the entire private LAN.

Remote access can occur over many pathways including broadband, VPN, wireless, satellite, remote control, and remote shell.

Connection filtering, offered by some preauthentication systems, allows for restrictions to be placed on remote access links. These restrictions can include the type of OS used, the protocols supported, the user accounts involved, the time of day, the logical addressing of the client, the LAN systems the remote client is allowed to communicate with, and even the content of the communication.
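The connection-filtering restrictions listed above, combined with the rule that a disabled preauthentication system closes every remote link, can be sketched as a default-deny check. This is an added example, not taken from the study guide; the policy fields, account name and addresses are constructed for illustration, and content inspection is left out.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Policy:                   # hypothetical per-account filter record
    allowed_os: frozenset
    allowed_protocols: frozenset
    client_networks: tuple      # CIDRs the client may connect from
    lan_targets: tuple          # CIDRs on the LAN the client may reach
    window: tuple               # (start, end) time of day

# Constructed sample policy; every value here is illustrative.
POLICIES = {
    "alice": Policy(
        allowed_os=frozenset({"windows", "macos"}),
        allowed_protocols=frozenset({"ssh", "https"}),
        client_networks=("198.51.100.0/24",),
        lan_targets=("10.0.20.0/24",),
        window=(time(7, 0), time(19, 0)),
    ),
}

def _in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def filter_connection(req, preauth_online=True, policies=POLICIES):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if not preauth_online:      # fail closed: lose remote access, not the LAN
        return False, "preauthentication unavailable: all remote links closed"
    if not req.get("authenticated"):
        return False, "failed preauthentication"
    policy = policies.get(req.get("user"))
    if policy is None:
        return False, "no policy for account"
    try:
        checks = [
            ("os", req["os"] in policy.allowed_os),
            ("protocol", req["protocol"] in policy.allowed_protocols),
            ("client address", _in_any(req["client_ip"], policy.client_networks)),
            ("LAN target", _in_any(req["target_ip"], policy.lan_targets)),
            ("time of day", policy.window[0] <= req["when"] <= policy.window[1]),
        ]
    except (KeyError, ValueError, TypeError):
        return False, "malformed request"   # missing or unparsable field
    for name, ok in checks:
        if not ok:
            return False, f"{name} not permitted"
    return True, "permitted"
```

Logging the returned reason for every denied request gives the log review mentioned earlier something concrete to work with.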

Another important consideration is that even with the best security on the remote access link itself, a compromised remote client could lead to the compromise of the LAN. Remote clients can be compromised by malware, theft, or physical intrusion into their storage location.

References:
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
