Remote Access Tools Policy
John Jarocki
May 2010
GIAC GSEC, GCIA, GCIH, GCFW, GPEN
SANS Technology Institute - Candidate for Master of Science Degree
1
1
Objective
1. Define Remote Access Tools
2. List benefits
3. Describe risks
4. Explain why a policy is needed
5. Provide policy guidance
SANS Technology Institute - Candidate for Master of Science Degree
2
What are remote access tools?
Remote Access is “the ability to access your
computer from a remote location,” and “the ability to
control the machine once the connection is made.”
Source: TechTerms.com
Examples:
•
•
•
•
•
VNC (Virtual Network Computing)
Windows Remote Desktop
GoToMyPC
LogMeIn
WebEx
SANS Technology Institute - Candidate for Master of Science Degree
3
Remote access value
Benefits:
Money saved on commuting
Remote access to jobs in progress
Real-time team collaboration
24x7 Tech support
SANS Technology Institute - Candidate for Master of Science Degree
4
Remote access risks
Risks:
– Unauthorized access
– Malware
– Data theft
– Compliance
– Transitive trust
SANS Technology Institute - Candidate for Master of Science Degree
5
More subtle risks
• Several remote access tools have
known vulnerabilities or even just
“features” users are not aware of
• Securing them properly requires
careful control of versions and
configuration
• Let’s look at VNC in more detail...
SANS Technology Institute - Candidate for Master of Science Degree
6
VNC
Virtual Network Computing
• Originally created at Olivetti Research Labs
• Security concerns:
– Older and free versions do not encrypt data
– Weak password hash and challenge-response
– Various vulnerabilities exist
• Recommendations:
– Use Enterprise version, ssvnc, or wrappers
SANS Technology Institute - Candidate for Master of Science Degree
7
Why do we need a remote
access tools policy?
• The benefits are obvious, but the
policy should clarify the risks
• Users are bombarded with ads for
the “latest, greatest” tools
• Guidelines can educate and
empower
SANS Technology Institute - Candidate for Master of Science Degree
8
Policy recommendations
The policy should provide a set of
requirements for acceptable remote
access tools
• Multi-factor authentication
• Replay attack defense
• Strong encryption
• Configuration and reporting
SANS Technology Institute - Candidate for Master of Science Degree
9
Summary
• Remote access tools have many benefits
• But poorly implemented, they add risk
• The policy should:
• Define acceptable use
• Discuss the cost / benefit equation
• Provide guidance and clarification
SANS Technology Institute - Candidate for Master of Science Degree
10