This section of our network access control learning guide focuses on security for remote users in Windows networks. Learn how to secure remote access points, how remote access points can be used to hack a Windows network and best practices for remote user authentication.
Table of contents
Microsoft network endpoint security tips and tactics
Remote access security measures for Windows users
VPN security testing and maintenance
Microsoft Windows Firewall security
|Remote access security measures for Windows users|
Remote access and security for remote users has become a hot topic for security professionals as telecommuting has grown in popularity. A horde of remote users adds a number of new security problems for Windows security admins, including endpoint security, VPN security and remote user education.
This growing list of security concerns is a treasure chest for potential hackers, as they can steal a user's notebook computer, hack into an insecure VPN or take advantage of uneducated users. In this section, pick up a few tips on how to ensure that your remote access security is as tight as possible.
Remote user security checklist
At some point in time, odds are you've had remote users connecting to your network. Telecommuting has several proven productivity and environmental benefits, but it doesn't come without its drawbacks -- mostly in the form of information security risks. So what do you need to know about remote user security? What happens if your remote users' computers have viruses or they transmit sensitive e-mails and instant messages over an unsecured wireless link? How about when systems that aren't properly protected can connect directly to your network -- thus offering a direct inbound link to anyone wanting to get inside and poke around maliciously.
Arguably, lots of bad things can happen. Unauthorized information access can take place, information leakage can occur, and there's always a possibility that malware can seep in through your otherwise hardened network border.
Before you create any new policies or lock down your remote systems, it's very beneficial to determine which remote access vulnerabilities currently exist in your environment. Doing that not only finds missing patches, but it also digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily. I suggest you use a vulnerability assessment tool such as Tenable Network Security's NeWT, GFI Software Ltd.'s LANguard Network Security Scanner and Qualys Inc.'s QualysGuard.
Remote access as an attack vector
The danger of employees having remote access to your system is extreme, because mobile computing environments plug into random places and in unmanaged systems. Vendors are aware of this security threat, and they're increasingly recommending the deployment of different types of security and scanning technologies. The problem is that most security technologies are not readily deployable. Antivirus is a very large application, so it is not practical to have anyone who is logging-in remotely to download this software and then scan the hard drive for half an hour before they can access e-mail. Antivirus-type technologies in the "unmanaged space" must be behavioral, small, fast and transactional. Some are emerging in the marketplace.
However, the vulnerability in this mobile communication model is obvious. Besides the general threat of malicious code, these machines have no physical access restrictions. Anybody can load whatever they want on it (the risk of a keystroke logger, regardless of whether it has network connectivity, is huge). A person can walk up five minutes before it was used and five minutes after it was used and capture everything that was done on that machine between those two time points.
The threat of malicious code is even greater in this unmanaged machine space. Sometimes the people using IPsec VPNs feel safe because this technology prevents split-tunneling (the ability for two or more applications to be communicating simultaneously while the VPN connection is going). Preventing split-tunneling only creates an illusion of safety.
Remote user authentication
Securing remote users is a problem for a lot of us whose jobs are to keep our networks secure. Anytime you don't have control over a machine's physical location, a world of variables are introduced that could compromise the integrity of your infrastructure. As remote access becomes more of a requirement than a nicety, it's important to maintain a secure but easy remote authentication process. Here are four tips to make it easier to administer remote access to your network:
- Use RADIUS or a similar authentication, authorization and accounting (AAA) server to granularize who gets access to what and to keep track of those users' activities.
- Invest in devices, not full servers, to secure your endpoints.
- Consider a quarantine solution to prevent infected or damaged machines from having unfettered access to your network.
- Be consistent with your remote authentication policies.
This was first published in July 2007