Remote access as an attack vector

In this excerpt of Chapter 7 from "The Black Book on Corporate Security," authors Howard Schmidt and Tony Alagna analyze how "unmanaged" remote access can serve as an attack vector.

The Black Book on Corporate Security

439 pages; $49.95; Larstan Publishing


This book excerpt originally appeared on SearchSecurity.com.

There are many different types of remote access solutions for mobile employees. There is SSL VPN, which is a Web-based VPN device. There are also different types of Webmail as well as Outlook Web Access. Also, some bigger companies like Citrix have secure gateways. Classic IPsec VPNs, as well as different types of portals and intranets and extranets, can also be used for mobile computing.

What all remote access has in common, regardless of the method used, is that it runs from an endpoint machine that is as vulnerable as any other system on the Internet. In some cases, these are managed machines: corporate-issued assets that are managed by corporate IT and carry all of the corporate-provisioned security programs.

Corporate resources can now be accessed from anywhere, and most of those places are far from trustworthy. The danger here is extreme, because mobile computing environments plug into random places and unmanaged systems. Vendors are aware of this security threat, and they're increasingly recommending the deployment of different types of security and scanning technologies. The problem is that most security technologies are not readily deployable. Antivirus is a very large application, so it is not practical to have anyone who is logging in remotely download this software and then scan the hard drive for half an hour before they can access e-mail. Antivirus-type technologies in the "unmanaged space" must be behavioral, small, fast and transactional. Some are emerging in the marketplace.


However, the vulnerability in this mobile communication model is obvious. Besides the general threat of malicious code, these machines have no physical access restrictions. Anybody can load whatever they want on them (the risk of a keystroke logger, regardless of whether the machine has network connectivity, is huge). A person can walk up five minutes before a machine is used and five minutes after it is used and capture everything that was done on it between those two points in time.




The threat of malicious code is even greater in this unmanaged machine space. Sometimes people using IPsec VPNs feel safe because this technology prevents split-tunneling (the ability for two or more applications to be communicating simultaneously while the VPN connection is active). Preventing split-tunneling only creates an illusion of safety.

A reverse-connecting Trojan functions in the same way in this environment as it does in a corporate environment, by initiating its connection sequence inside out. So, if users can see the Internet, then so can the malicious code. Even without Internet access, malicious code can be scripted to steal or perform actions whenever it comes back online. Malicious code is basically winning in every environment regardless of the situational defenses. All situational defenses can do is minimize the types of attacks; they cannot stop attacks.
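The inside-out connection described above can be seen in gateway flow records. The following is an added example, not taken from the book or the original article: it runs constructed flows through two hypothetical policies and lists the client-initiated connections a defender would want to review. The address ranges, field names and function names are all assumptions.

```python
import ipaddress

# Constructed sample flows as a VPN gateway might log them (illustrative only).
# "initiator" records which side opened the connection.
FLOWS = [
    {"initiator": "client",   "src": "10.8.0.23",   "dst": "10.1.4.10",    "dport": 443},   # intranet portal
    {"initiator": "internet", "src": "203.0.113.7", "dst": "10.8.0.23",    "dport": 3389},  # unsolicited inbound
    {"initiator": "client",   "src": "10.8.0.23",   "dst": "198.51.100.9", "dport": 443},   # outbound, unknown host
]

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")     # assumed remote-client address pool
CORPORATE = [ipaddress.ip_network("10.1.0.0/16")]  # assumed internal ranges


def is_corporate(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CORPORATE)


def inbound_block_only(flow):
    """Drop connections opened from outside; allow anything the client opens."""
    return flow["initiator"] != "internet"


def egress_restricted(flow):
    """Same inbound rule, and clients may only open connections to corporate ranges."""
    return flow["initiator"] != "internet" and is_corporate(flow["dst"])


def permitted(policy, flows=FLOWS):
    """Destinations of the flows a policy lets through."""
    return [f["dst"] for f in flows if policy(f)]


def suspicious_egress(flows=FLOWS):
    """Connections a VPN client opened to a non-corporate destination."""
    return [
        (f["src"], f["dst"], f["dport"])
        for f in flows
        if f["initiator"] == "client"
        and ipaddress.ip_address(f["src"]) in VPN_POOL
        and not is_corporate(f["dst"])
    ]


if __name__ == "__main__":
    print("inbound-block only :", permitted(inbound_block_only))
    print("egress restricted  :", permitted(egress_restricted))
    print("review candidates  :", suspicious_egress())
```

Under the inbound-only policy the client-initiated flow to the unknown host passes, which is the behaviour the paragraph describes; the egress rule narrows what gets out without changing the state of the endpoint itself.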


This was first published in July 2006