SlideShare ist ein Scribd-Unternehmen logo

Remote Access Security

S
syrinxtech

This is a presentation that I recently gave at the VA SCAN 2011 conference on remote access security.

1 von 31
VA SCAN 2011: Security Without Borders Securing Remote Access to IT Resources Presented By: Bryan Miller Adjunct Faculty, Computer Science & Information Systems Virginia Commonwealth University
Speaker Introduction Wikipedia: Remote Access Technologies Attack Vectors Audit Tools Mobile Device Issues Hardening Recommendations Policies & Procedures (P&P) Wrap-Up 10/6/2011 Securing Remote Access to IT Resources 2 Agenda
B.S. Information Systems – VCU M.S. Computer Science – VCU VCU Network Engineer – 1987 – 1993 President, Syrinx Technologies, 2007 Adjunct Faculty Member in Information Systems and Computer Science @ VCU, FTEMS lecturer CISSP, former Cisco CCIE in R/S Published author with over 25 years in the industry 10/6/2011 Securing Remote Access to IT Resources 3 Speaker Introduction
10/6/2011 Securing Remote Access to IT Resources Wikipedia: Remote Access Technologies 4
Dial-In/PPP – Point-to-Point Protocol – 1994 Layer 2 of the OSI model Provides authentication, encryption & compression Used by ISPs for dial-up Internet access PPTP - Point-to-Point Tunneling Protocol – 1999 Provides VPN access over GRE tunnel using PPP Does not provide encryption or authentication MSCHAP-v2 used for authentication is vulnerable to dictionary attacks 10/6/2011 Securing Remote Access to IT Resources 5
L2TP – Layer 2 Tunneling Protocol - 1999 Tunneling protocol used with VPN’s Does not provide encryption Still used today by some cable providers IPSec VPN Site-Site Dedicated VPN, typically over the Internet No client configuration Remote Access Requires configuration of VPN client Can be a challenge to update large numbers of clients Configuration files must be protected! Split Tunneling Issues 10/6/2011 Securing Remote Access to IT Resources 6
SSL VPN Browser-based access to applications No VPN client to load on endpoints Provides user-friendly front end with low maintenance No configuration files to protect Single Sign On (SSO) One password to rule them all Various authentication methods Kerberos, smart card, two-factor, Windows AD integration, LDAP Often provides web-based front-end to common applications 10/6/2011 Securing Remote Access to IT Resources 7
Authentication Options RADIUS – Remote Authentication Dial-In User Service Implements “AAA” – Authentication, Authorization & Accounting Client-server protocol over UDP Used in VPNs, Wireless, 802.1x, etc. TACACS(+) – Terminal Access Controller Access-Control System (Plus) Cisco proprietary protocol using TCP Access control for networking devices 10/6/2011 Securing Remote Access to IT Resources 8
802.1x IEEE standard for port-based, Network Access Control (NAC) Provides authentication mechanisms for devices wishing to connect to a LAN or WLAN Typically requires an authentication server running RADIUS Most modern operating systems support 802.1x, including iPhone and iPod Touch Vulnerable to MITM attacks 10/6/2011 Securing Remote Access to IT Resources 9
Network Access Control (NAC) Technology which restricts access to the network based on identity or security posture To confuse the issue, Cisco’s NAC product is actually known as Network Admission Control Can be used to force clients to conform to security policies before granting network access A/V Patches Registry Settings Can be difficult to implement in “legacy” networks 10/6/2011 Securing Remote Access to IT Resources 10
10/6/2011 Securing Remote Access to IT Resources Attack Vectors 11
Dial-In Yes, this still works! Automated program dials 1000’s of phone numbers per day Usually finds “forgotten” out-of-band modem Wireless Please don’t use WEP, no longer compliant with PCI Rogue APs are still a problem – make sure your P&P documents address this Watch those hotspots! Extranet Mutual protection is the only way to go! 10/6/2011 Securing Remote Access to IT Resources 12
VPN Protect those configuration files (try Google) Use appropriate complexity for PSKs SSL in web sites Test the cipher strengths – applicable to PCI Disable the weak ones Outdated out-of-band management tools Are you still using Telnet? 10/6/2011 Securing Remote Access to IT Resources 13
10/6/2011 Securing Remote Access to IT Resources Audit Tools 14
Web Proxy Burp Suite Paros IPSec Configuration IPSecScan IKE-Scan 10/6/2011 Securing Remote Access to IT Resources 15 IKE-Scan Output: 192.168.1.254 Aggressive Mode Handshake HDR=(CKY-R=509ca66bcabbcc3a) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f2887f768a9702d9fe274cc0100 VID=afcad713a12d96b8696fc77570100 VID=a55b0176cabacc3a52207fea2babaa9 VID=0900299bcfd6b712 (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.1.254) Nonce(20 bytes) Hash(20 bytes)
SSL Cipher Strength THCSSLCheck SSLDigger OpenSSL Web Servers Nikto Nessus 10/6/2011 Securing Remote Access to IT Resources 16 SSLDigger Output: 192.168.1.1: EXP-RC2-CBC-MD5 – (40) EXP-RC4-MD5 – (40) EXP1024-DES-CBC-SHA – (56) EXP1024-RC4-SHA – (56) DES-CBC-SHA – (56) () – Number of bits of encryption This tool is great for checking PCI compliance!
Dial-In PhoneSweep PPTP asleap Wireless 802.11 Aircrack-ng NetStumbler Bluetooth Bluesnarf BlueAuditor 10/6/2011 Securing Remote Access to IT Resources 17 From: http://www.willhackforsushi.com/Asleap.html
Port Scanners nMap SuperScan 4 RAPS (Remote Access Perimeter Scanner) 10/6/2011 Securing Remote Access to IT Resources 18 RAPS Output: 192.168.0.187 Port 5900 - VNC, Version 3.8 192.168.0.9 Port 3389 - Terminal Server 192.168.10.57 Port 5631 - pcAnywhere, Host: A1 192.168.10.56 Port 1720 - NetMeeting 10.2.0.139 Port 1494 – Citrix Server 10.2.1.20 Port 6000 – X Server, Version 11.0 10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0 What’s the difference between 10.2.1.20 and 10.2.1.21?
10/6/2011 Securing Remote Access to IT Resources Mobile Device Issues 19
Who owns the device Are employee-owned devices allowed Applications Email sync VPN configurations Encryption 10/6/2011 Securing Remote Access to IT Resources 20
Security settings Backup/restore issues Profile management Management/Reporting Wireless/Bluetooth issues E-discovery What happens if the device is lost/stolen? Remote wipe? 10/6/2011 Securing Remote Access to IT Resources 21
10/6/2011 Securing Remote Access to IT Resources Hardening Recommendations 22
Laptops At a minimum, encrypt the hard drive TrueCrypt PGP Disk BitLocker Biometrics Wireless Two-factor authentication 802.1x VPN 10/6/2011 Securing Remote Access to IT Resources 23
Labs, public access Network Access Control (NAC) 802.1x Remote Devices Use SSH instead of Telnet for out-of-band access Limit source IP address whenever possible Always require HTTPS when available Change all default SNMP community strings and other passwords Don’t allow access to common remote control programs from the outside Citrix, VNC, PCAnywhere, DameWare, Terminal Services 10/6/2011 Securing Remote Access to IT Resources 24
General Recommendations Make sure you have secure build configurations for all infrastructure devices Whenever possible, limit the source of resource requests to the smallest number possible SNMP, SSH With VPNs, configure access lists to limit exposure 10/6/2011 Securing Remote Access to IT Resources 25
General Recommendations With VPNs, configure access lists to limit exposure Don’t allow free range of internal networks Identify the user as soon as possible and apply access policies Remove all unnecessary protocols, apps, etc. Perform periodic penetration tests to ensure that all low hanging fruit have been removed 10/6/2011 Securing Remote Access to IT Resources 26
10/6/2011 Securing Remote Access to IT Resources Policies & Procedures (P&P) 27
Be sure to start with documented, enforceable policies Without upper management buy-in, don’t bother trying to enforce the policies Make sure you have a mobile device management policy Update and re-educate every year 10/6/2011 Securing Remote Access to IT Resources 27
10/6/2011 Securing Remote Access to IT Resources Wrap-Up 29
Remote access is one of the oldest IT technologies in use today It is well understood -- but occasionally implemented without security in mind Be sure to test often and update configurations and P&P documents as necessary Remember there are more potential attackers outside your security perimeter than inside 10/6/2011 Securing Remote Access to IT Resources 30
10/6/2011 Securing Remote Access to IT Resources 31 Q&A

Empfohlen

VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecurityLancope, Inc.
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...sequi_inc
 

Empfohlen

VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Solving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective SecurityLancope, Inc.
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...sequi_inc
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeCisco Enterprise Networks
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick StartContent Rules, Inc.
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network SecurityGyana Ranjana
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsInternational Journal of Science and Research (IJSR)
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagramSyed Ubaid Ali Jafri
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slideAlya Al Saadi
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?Justin Black
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bSylvain Martinez
 
Top 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityTop 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityPraetorian
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
Breaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation TechniquesBreaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation TechniquesPriyanka Aash
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Focus Your Business
Focus Your BusinessFocus Your Business
Focus Your Businesssyrinxtech
 
Virtual CSO
Virtual CSOVirtual CSO
Virtual CSOsyrinxtech
 

Weitere ähnliche Inhalte

Was ist angesagt?

TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network SecurityGyana Ranjana
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slideAlya Al Saadi
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?Justin Black
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bSylvain Martinez
 
Top 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityTop 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityPraetorian
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
Breaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation TechniquesBreaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation TechniquesPriyanka Aash
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 

Was ist angesagt? (20)

The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and Lancope
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick Start
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Router hardening project.slide
Router hardening project.slideRouter hardening project.slide
Router hardening project.slide
 
Who needs iot security?
Who needs iot security?Who needs iot security?
Who needs iot security?
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
 
Top 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityTop 9 Critical Findings - Dramatically Improve Your Organization's Security
Top 9 Critical Findings - Dramatically Improve Your Organization's Security
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
Breaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation TechniquesBreaking Closed Systems with Code-Signing and Mitigation Techniques
Breaking Closed Systems with Code-Signing and Mitigation Techniques
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 

Andere mochten auch

Focus Your Business
Focus Your BusinessFocus Your Business
Focus Your Businesssyrinxtech
 
Web Database Server Best Practices
Web Database Server Best PracticesWeb Database Server Best Practices
Web Database Server Best Practicessyrinxtech
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing toolsyrinxtech
 
PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?syrinxtech
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 

Andere mochten auch (6)

Focus Your Business
Focus Your BusinessFocus Your Business
Focus Your Business
 
Virtual CSO
Virtual CSOVirtual CSO
Virtual CSO
 
Web Database Server Best Practices
Web Database Server Best PracticesWeb Database Server Best Practices
Web Database Server Best Practices
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing tool
 
PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 

Ähnlich wie Remote Access Security

Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsAlane Moran
 
Net Motion Mobility Overview - Field Service
Net Motion Mobility Overview - Field ServiceNet Motion Mobility Overview - Field Service
Net Motion Mobility Overview - Field Serviceksholes
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs BlueBlack Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs BlueChris Sistrunk
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
2008-03-06 Harris Corp Security Seminar
2008-03-06 Harris Corp Security Seminar2008-03-06 Harris Corp Security Seminar
2008-03-06 Harris Corp Security SeminarShawn Wells
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Squire Technologes: Session Border Controller
Squire Technologes: Session Border Controller Squire Technologes: Session Border Controller
Squire Technologes: Session Border Controller Squire Technologies
 
Remote Access and Monitoring of Connected IoT Assets
Remote Access and Monitoring of Connected IoT AssetsRemote Access and Monitoring of Connected IoT Assets
Remote Access and Monitoring of Connected IoT AssetsRockwell Automation
 

Ähnlich wie Remote Access Security (20)

Windows 7 by microsoft
Windows 7 by microsoft Windows 7 by microsoft
Windows 7 by microsoft
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
VPN
VPNVPN
VPN
 
Vp ns
Vp nsVp ns
Vp ns
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systems
 
Net Motion Mobility Overview - Field Service
Net Motion Mobility Overview - Field ServiceNet Motion Mobility Overview - Field Service
Net Motion Mobility Overview - Field Service
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
 
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs BlueBlack Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
Manjesh cv
Manjesh cvManjesh cv
Manjesh cv
 
2008-03-06 Harris Corp Security Seminar
2008-03-06 Harris Corp Security Seminar2008-03-06 Harris Corp Security Seminar
2008-03-06 Harris Corp Security Seminar
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
 
Squire Technologes: Session Border Controller
Squire Technologes: Session Border Controller Squire Technologes: Session Border Controller
Squire Technologes: Session Border Controller
 
Jvvnl 071108
Jvvnl 071108Jvvnl 071108
Jvvnl 071108
 
Remote Access and Monitoring of Connected IoT Assets
Remote Access and Monitoring of Connected IoT AssetsRemote Access and Monitoring of Connected IoT Assets
Remote Access and Monitoring of Connected IoT Assets
 

Remote Access Security

  • 1. VA SCAN 2011: Security Without Borders Securing Remote Access to IT Resources Presented By: Bryan Miller Adjunct Faculty, Computer Science & Information Systems Virginia Commonwealth University
  • 2. Speaker Introduction Wikipedia: Remote Access Technologies Attack Vectors Audit Tools Mobile Device Issues Hardening Recommendations Policies & Procedures (P&P) Wrap-Up 10/6/2011 Securing Remote Access to IT Resources 2 Agenda
  • 3. B.S. Information Systems – VCU M.S. Computer Science – VCU VCU Network Engineer – 1987 – 1993 President, Syrinx Technologies, 2007 Adjunct Faculty Member in Information Systems and Computer Science @ VCU, FTEMS lecturer CISSP, former Cisco CCIE in R/S Published author with over 25 years in the industry 10/6/2011 Securing Remote Access to IT Resources 3 Speaker Introduction
  • 4. 10/6/2011 Securing Remote Access to IT Resources Wikipedia: Remote Access Technologies 4
  • 5. Dial-In/PPP – Point-to-Point Protocol – 1994 Layer 2 of the OSI model Provides authentication, encryption & compression Used by ISPs for dial-up Internet access PPTP - Point-to-Point Tunneling Protocol – 1999 Provides VPN access over GRE tunnel using PPP Does not provide encryption or authentication MSCHAP-v2 used for authentication is vulnerable to dictionary attacks 10/6/2011 Securing Remote Access to IT Resources 5
  • 6. L2TP – Layer 2 Tunneling Protocol - 1999 Tunneling protocol used with VPN’s Does not provide encryption Still used today by some cable providers IPSec VPN Site-Site Dedicated VPN, typically over the Internet No client configuration Remote Access Requires configuration of VPN client Can be a challenge to update large numbers of clients Configuration files must be protected! Split Tunneling Issues 10/6/2011 Securing Remote Access to IT Resources 6
  • 7. SSL VPN Browser-based access to applications No VPN client to load on endpoints Provides user-friendly front end with low maintenance No configuration files to protect Single Sign On (SSO) One password to rule them all Various authentication methods Kerberos, smart card, two-factor, Windows AD integration, LDAP Often provides web-based front-end to common applications 10/6/2011 Securing Remote Access to IT Resources 7
  • 8. Authentication Options RADIUS – Remote Authentication Dial-In User Service Implements “AAA” – Authentication, Authorization & Accounting Client-server protocol over UDP Used in VPNs, Wireless, 802.1x, etc. TACACS(+) – Terminal Access Controller Access-Control System (Plus) Cisco proprietary protocol using TCP Access control for networking devices 10/6/2011 Securing Remote Access to IT Resources 8
  • 9. 802.1x IEEE standard for port-based, Network Access Control (NAC) Provides authentication mechanisms for devices wishing to connect to a LAN or WLAN Typically requires an authentication server running RADIUS Most modern operating systems support 802.1x, including iPhone and iPod Touch Vulnerable to MITM attacks 10/6/2011 Securing Remote Access to IT Resources 9
  • 10. Network Access Control (NAC) Technology which restricts access to the network based on identity or security posture To confuse the issue, Cisco’s NAC product is actually known as Network Admission Control Can be used to force clients to conform to security policies before granting network access A/V Patches Registry Settings Can be difficult to implement in “legacy” networks 10/6/2011 Securing Remote Access to IT Resources 10
  • 11. 10/6/2011 Securing Remote Access to IT Resources Attack Vectors 11
  • 12. Dial-In Yes, this still works! Automated program dials 1000’s of phone numbers per day Usually finds “forgotten” out-of-band modem Wireless Please don’t use WEP, no longer compliant with PCI Rogue APs are still a problem – make sure your P&P documents address this Watch those hotspots! Extranet Mutual protection is the only way to go! 10/6/2011 Securing Remote Access to IT Resources 12
  • 13. VPN Protect those configuration files (try Google) Use appropriate complexity for PSKs SSL in web sites Test the cipher strengths – applicable to PCI Disable the weak ones Outdated out-of-band management tools Are you still using Telnet? 10/6/2011 Securing Remote Access to IT Resources 13
  • 14. 10/6/2011 Securing Remote Access to IT Resources Audit Tools 14
  • 15. Web Proxy Burp Suite Paros IPSec Configuration IPSecScan IKE-Scan 10/6/2011 Securing Remote Access to IT Resources 15 IKE-Scan Output: 192.168.1.254 Aggressive Mode Handshake HDR=(CKY-R=509ca66bcabbcc3a) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f2887f768a9702d9fe274cc0100 VID=afcad713a12d96b8696fc77570100 VID=a55b0176cabacc3a52207fea2babaa9 VID=0900299bcfd6b712 (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.1.254) Nonce(20 bytes) Hash(20 bytes)
  • 16. SSL Cipher Strength THCSSLCheck SSLDigger OpenSSL Web Servers Nikto Nessus 10/6/2011 Securing Remote Access to IT Resources 16 SSLDigger Output: 192.168.1.1: EXP-RC2-CBC-MD5 – (40) EXP-RC4-MD5 – (40) EXP1024-DES-CBC-SHA – (56) EXP1024-RC4-SHA – (56) DES-CBC-SHA – (56) () – Number of bits of encryption This tool is great for checking PCI compliance!
  • 17. Dial-In PhoneSweep PPTP asleap Wireless 802.11 Aircrack-ng NetStumbler Bluetooth Bluesnarf BlueAuditor 10/6/2011 Securing Remote Access to IT Resources 17 From: http://www.willhackforsushi.com/Asleap.html
  • 18. Port Scanners nMap SuperScan 4 RAPS (Remote Access Perimeter Scanner) 10/6/2011 Securing Remote Access to IT Resources 18 RAPS Output: 192.168.0.187 Port 5900 - VNC, Version 3.8 192.168.0.9 Port 3389 - Terminal Server 192.168.10.57 Port 5631 - pcAnywhere, Host: A1 192.168.10.56 Port 1720 - NetMeeting 10.2.0.139 Port 1494 – Citrix Server 10.2.1.20 Port 6000 – X Server, Version 11.0 10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0 What’s the difference between 10.2.1.20 and 10.2.1.21?
  • 19. 10/6/2011 Securing Remote Access to IT Resources Mobile Device Issues 19
  • 20. Who owns the device Are employee-owned devices allowed Applications Email sync VPN configurations Encryption 10/6/2011 Securing Remote Access to IT Resources 20
  • 21. Security settings Backup/restore issues Profile management Management/Reporting Wireless/Bluetooth issues E-discovery What happens if the device is lost/stolen? Remote wipe? 10/6/2011 Securing Remote Access to IT Resources 21
  • 22. 10/6/2011 Securing Remote Access to IT Resources Hardening Recommendations 22
  • 23. Laptops At a minimum, encrypt the hard drive TrueCrypt PGP Disk BitLocker Biometrics Wireless Two-factor authentication 802.1x VPN 10/6/2011 Securing Remote Access to IT Resources 23
  • 24. Labs, public access Network Access Control (NAC) 802.1x Remote Devices Use SSH instead of Telnet for out-of-band access Limit source IP address whenever possible Always require HTTPS when available Change all default SNMP community strings and other passwords Don’t allow access to common remote control programs from the outside Citrix, VNC, PCAnywhere, DameWare, Terminal Services 10/6/2011 Securing Remote Access to IT Resources 24
  • 25. General Recommendations Make sure you have secure build configurations for all infrastructure devices Whenever possible, limit the source of resource requests to the smallest number possible SNMP, SSH With VPNs, configure access lists to limit exposure 10/6/2011 Securing Remote Access to IT Resources 25
  • 26. General Recommendations With VPNs, configure access lists to limit exposure Don’t allow free range of internal networks Identify the user as soon as possible and apply access policies Remove all unnecessary protocols, apps, etc. Perform periodic penetration tests to ensure that all low hanging fruit have been removed 10/6/2011 Securing Remote Access to IT Resources 26
  • 27. 10/6/2011 Securing Remote Access to IT Resources Policies & Procedures (P&P) 27
  • 28. Be sure to start with documented, enforceable policies Without upper management buy-in, don’t bother trying to enforce the policies Make sure you have a mobile device management policy Update and re-educate every year 10/6/2011 Securing Remote Access to IT Resources 27
  • 29. 10/6/2011 Securing Remote Access to IT Resources Wrap-Up 29
  • 30. Remote access is one of the oldest IT technologies in use today It is well understood -- but occasionally implemented without security in mind Be sure to test often and update configurations and P&P documents as necessary Remember there are more potential attackers outside your security perimeter than inside 10/6/2011 Securing Remote Access to IT Resources 30
  • 31. 10/6/2011 Securing Remote Access to IT Resources 31 Q&A