Table of Contents
Introduction
What is Remote Access
Why Remote Access
How Remote Access Works
Type of Remote Access
Risk of Enabling Remote Access
Potential Risk for Business Danger
Security Implication of Remote Access
Future of Remote Access Computing
Case Study of Remote Access War Dialer
War Dialing Tools
War Dialing Process
War Dialing Example
Commercial-based on Remote Access Tools
Conclusion
Reference
Introduction
In this competitive world, the ability to access files and information on a computer over the Internet is useful for work. For example, a student discovers, while he is outstation, that his school assignment did not make a successful transition from his personal computer's hard drive to his portable device. He has to ask someone to access his personal computer and send the file to him by e-mail. This is one of the common solutions that anyone can use. But what if the file is private or confidential? This is why setting up a computer for remote access is a good idea for anyone who wants to avoid this kind of situation: he can retrieve the file personally even though he is not in front of his own computer. However, there is always the risk that something could go wrong when remote access is enabled on a personal computer. It could lead to someone who is not supposed to be there accessing files without authorization, or to a spammer using the computer for unauthorized purposes. In this paper, I investigate the implications and risks of remote computing. I have chosen one attack carried out through remote access, known as the War Dialer, as my study subject. What are the driving forces behind remote access? How does it work? These and many other questions will be discussed in this paper.
enables users outside a network to have network access and privileges as if they were inside the network.
[1]
that the user is using a machine that is not physically connected to the network in question and must therefore establish a connection through a remote means, such as dialing in, connecting via the Internet, or connecting through a wireless connection. Remote access is typically used by organizations to connect an employee's laptop or home computer to the organization's network to read email or access shared files, and by Internet service providers (ISPs) to connect to the Internet. To achieve these network connections, a variety of methods are used, depending on the network type, the hardware employed, and any security requirements.
[3]
organization are no longer restricted to using a desktop PC at the office. They can have the benefits of using the organization's IT infrastructure while they are working outstation by remotely controlling the computer in the office. They can also remotely access data on their own home PC without actually sitting in front of it.
It has substantial benefits and a potentially fast Return on Investment (ROI) for an organization because it reduces the cost of travel.
[3]
has to commute long distance to the office every day, saving valuable time as a result, thereby allowing people to become more productive. Supervisors can monitor the operation of the company even though they are not in the office. Besides that, remote access eliminates cumbersome processes: potential technical issues can be resolved without the need to be on site. The technician need not be on site to solve a simple technical problem, and this improves the efficiency of an organization's operations.
The temporary network connection can be made via a dial-up service, the Internet, wireless access, or any other method of connecting to a network. Once the connection is made, the primary issue is identifying the user and establishing the proper privileges for that user through Authentication, Authorization and Accounting (AAA).
[4]
Authentication: the matching of user-supplied credentials to previously stored credentials on a host machine. This is usually done with an account name and a password.
Authorization: the granting of specific permissions based on the privilege held by the account.
Accounting: the collection of billing and other detail records. Accounting functions include keeping detailed security logs to maintain an audit trail of tasks being performed.
Using encryption, remote access protocols can establish a secure network connection, through which the operating system on the host machine can authenticate and authorize a user according to previously established levels. Identification is the process of ascribing a computer ID to a specific user, computer, or network device. User identification enables authentication and authorization, which form the basis for accountability. This enables activities to be traced to individual users or computer processes. Identification usually takes the form of a unique logon ID. Authentication is the process of binding a specific ID to a specific computer connection. Historically, there were three categories of things used to identify a user:
1) What users know (such as a password)
2) What users have (such as tokens)
3) What users are (this can involve static biometrics such as fingerprints)
Authorization is the process of permitting or denying access to a specific resource. Authorization determines whether a user has permission for the particular object or resource being requested. This functionality is frequently part of the operating system and is transparent to users. RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
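The three AAA stages described above, as an added example that is not part of the original paper: a remote request is authenticated against stored credentials, authorized against the account's privileges, and every outcome, including failures, is written to an accounting log. The account names, passwords, privilege names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time


def _hash(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_account(password, privileges):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "privileges": set(privileges)}


# Constructed accounts (hypothetical users and privileges).
ACCOUNTS = {
    "alice": make_account("correct horse battery", {"read_mail", "shared_files"}),
    "tech01": make_account("s3rvice-Desk!", {"remote_control"}),
}
AUDIT_LOG = []  # accounting records, one per request


def authenticate(user, password):
    """Match user-supplied credentials to the stored credentials."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        _hash(password, b"\x00" * 16)  # similar timing for unknown users
        return False
    return hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"])


def authorize(user, resource):
    """Grant access only if the account holds the privilege."""
    return resource in ACCOUNTS[user]["privileges"]


def account(user, resource, outcome):
    """Keep an audit trail of every request, successful or not."""
    AUDIT_LOG.append({"time": time.time(), "user": user,
                      "resource": resource, "outcome": outcome})


def remote_request(user, password, resource):
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, resource):
        outcome = "denied"
    else:
        outcome = "granted"
    account(user, resource, outcome)
    return outcome
```

Recording failed and denied requests is what makes the accounting stage useful for spotting password guessing against a dial-in or other remote access point.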
Type of Remote Access
Remote access falls into three broad categories:
1) Connections with full network access: the remote computer acts as if it were a node on the organization's network
2) Feature-based connections: users need access to specific, discrete network features like e-mail or file transfers
3) Connections that allow remote control of a personal computer, usually in the worker's permanent office.
There are two types of remote access:
1) Enables the user to access files and information remotely
2) Enables the user to access and control a PC remotely
Restricting remote access to certain functions reduces the chance of unauthorized people accessing the PC remotely and stealing important files or data. The user can set rules or a policy for remote access to control who is allowed to connect and what activity is permitted over the connection. However, opening a computer to connections from external sources always carries the risk of being hacked by unauthorized people. It could be that someone who is not supposed to be there accesses the user's files, or that a spammer or con artist uses the computer for unauthorized purposes. Users need to exercise a great deal of caution when enabling a remote access feature.
The most obvious risk involved with remote access is the unauthorized user. Unfortunately, this is a risk that users will never be able to avoid entirely. Regardless of the level of care a user takes in keeping password information secret, programs exist that can break into most secure networks.

File Loss
Another possible risk of remote access technology is the loss of files. This can happen for many different reasons, whether it's a partial file transfer or transfer errors.

Data Interception and Eavesdropping
Data interception means that a third party can gain access to sensitive information while the connection is being relayed between two parties on the remote access network. Eavesdropping simply means there is a third party listening in on a remote access network.

Lack of physical controls
One of the most obvious threats to a remote access system is the lack of physical control over the device being used to access the network. A laptop or another type of portable data gadget is highly vulnerable to theft, and could allow an unauthorized person to gain access to another computer.

Malware
Malware is another potential risk involved with remote access. Malware refers to software that can become installed on a user's computer without the user's knowledge and that performs functions potentially harmful to the system.

Firewall problems
Firewall problems with remote access can stem from the lack of personalized firewalls for each mobile device that connects to the remote access network. Having the same firewall policy regardless of the device's location is not considered secure.

Theft of access credentials
Theft of access credentials can happen in a number of ways, from shoulder surfing, where an attacker watches the user input his user name and password, to man-in-the-middle attacks, where access credentials are captured as they are entered when logging into the network. When uncontrolled Internet kiosks are used to access the corporate network, there is a possibility that a keystroke logger (in the form of software or hardware) could be used to steal the user's access credentials.
Potential Risk for Business Danger
Even if there is no malicious intent, or the access is provided for a legitimate business purpose, it should be strictly controlled, if not prohibited. Besides the threat of introducing malware into the user's system, there are other technical and business dangers. First, granting system access to an outsider lowers the user's security level to that of the external provider. If the provider has feeble controls, it becomes the weakest link in the user's security chain. If a hacker compromises the provider's system, he or she can use it as a backdoor into the user's network. Hence, the business risk increases. Second, there are also business and reputation risks. If the provider's breached system is used to gain malicious access to the user's system, the victim company's name will also be in the headlines. Bad press will drive away customers and business, actual and potential, and can even lead to an unwelcome regulatory review. Third, allowing external access of this nature circumvents technical controls, such as firewalls. If unfettered access is allowed, why bother with firewalls and access controls? The user might as well leave the network wide open for anyone to come in. Further, if the software the provider wants to install contains malware, its remote access is a direct pipeline for malicious code into the user's network.
dials a defined range of phone numbers and logs and enters in a database those numbers that successfully connect to the modem. Some programs can also identify the particular operating system running in the computer and may also conduct automated penetration testing. In such cases, the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system. Historically, hackers used war dialing to find Telephone Company (Telco) and corporate access numbers for free, albeit illegal, long distance telephone calls.
[7]
War dialing has matured since then, and now publicly available hacker software is much better at identifying vulnerable computers than making free phone calls. War dialing is difficult to defend against because most organizations set up their telephone systems with availability and ease of use as their top priorities, not security. In much of the world, war dialing is an illegal, punishable crime. In mainstream America, hackers like this are usually treated as nuisances, but in some criminal cases war dialing has been characterized as fraud. Not surprisingly, hackers have developed ways to avoid detection and have numerous tools and processes for this purpose. There are, however, legitimate uses for war dialing including remote access diagnostics.
War Dialing Tools
In today's competitive market, there are many freeware and commercial war dialing tools to assist the user with the task of war dialing. War dialing can be performed using basic tools. Inexpensive computers can drive a modem to quickly scan an organization's telephones. Below are the minimum tools needed to perform war dialing:

War Dialing Process
The first objective of war dialing is to compile an accurate inventory of each telephone number in an organization. Determining exactly how many and what kinds of equipment are present helps in the assessment of vulnerabilities and helps to better secure critical systems. For this reason, the dial inventory developed during war dialing must be as complete and accurate as possible. Three steps are involved in creating such an assessment of your exposure:
1) Calling numbers
2) Detecting resources
3) Classifying answering devices: identify exploitable telephone resources
War Dialer Example
XYZ Company has installed remote control software on a desktop at work. Once the remote control software is installed, they connect the modem to a nearby fax line that is not being used. Not being security-savvy, they do not configure a password for the remote control software host connection, thus leaving the screen door open for anyone to connect to the remotely controlled host system. Coincidentally, the Hacker who has been trying to penetrate XYZ Company via the Internet decides to try a different route. So, the Hacker starts a war dialing reconnaissance mission, and manages to dial XYZ's entire phone range in six hours. After analyzing the war dialing logs, the Hacker determines that one of the modems found during the war dialing reconnaissance mission is using remote control software. After a few connection attempts, using various remote control applications, the Hacker finally connects to XYZ Company's system that is connected to the network.
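The defender's side of the three-step process and of the XYZ Company scenario, as an added example that is not part of the original paper: the log of an authorized sweep of the organization's own range is parsed, each answering device is classified, and the result is reconciled against the approved modem inventory. The log format, the fictional 555-01xx numbers, the inventory and the severity labels are all constructed assumptions.

```python
import csv
import io

# Constructed sample: log of an authorized sweep of the organization's own
# range (fictional 555-01xx numbers). Columns: number, result, banner.
SWEEP_LOG = """\
555-0100,VOICE,
555-0101,FAX,
555-0102,CARRIER,login:
555-0103,CARRIER,
555-0104,NO_ANSWER,
555-0105,CARRIER,Password:
555-0106,FAX,
"""
# Constructed inventory of lines approved for dial-in modems (assumption).
APPROVED_MODEMS = {"555-0102", "555-0106"}
AUTH_PROMPTS = ("login", "username", "password")


def parse_sweep(text):
    """Steps 1-2: one record per number called, with what answered."""
    return [{"number": row[0], "result": row[1], "banner": row[2].strip()}
            for row in csv.reader(io.StringIO(text)) if len(row) == 3]


def classify(rec):
    """Step 3: classify the answering device."""
    if rec["result"] != "CARRIER":
        return rec["result"].lower()          # voice, fax, no_answer
    if any(p in rec["banner"].lower() for p in AUTH_PROMPTS):
        return "modem_auth"                   # modem that asks for credentials
    return "modem_open"                       # carrier, no credential prompt


def reconcile(records, approved):
    """Compare the dial inventory with the approved list; return findings."""
    findings = []
    for rec in records:
        kind, num = classify(rec), rec["number"]
        if kind == "modem_open":
            findings.append((num, "HIGH", "modem answers with no authentication prompt"))
        elif kind == "modem_auth" and num not in approved:
            findings.append((num, "MEDIUM", "modem is not in the approved inventory"))
        elif kind != "modem_auth" and num in approved:
            findings.append((num, "LOW", "approved modem line did not answer as a modem"))
    return findings


if __name__ == "__main__":
    for num, severity, message in reconcile(parse_sweep(SWEEP_LOG), APPROVED_MODEMS):
        print(f"{severity:<6} {num}  {message}")
```

The HIGH finding corresponds to the XYZ Company case: a modem on a line that answers with a carrier and never asks for credentials.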
Conclusion
War dialing is a simple but insidious threat to large organizations. With the proliferation of remote access points, every telephone is a potential vulnerability. An attended war dialing sweep is recommended to ensure the highest integrity of results. An expert using good tools can recognize and find all computers set up for remote dial-in, while war dialing software alone cannot. Remote control technology has been around since DOS and OS/2 dominated the computer industry. However, since its inception in the 1980s, remote control software has come a long way, evolving into sophisticated, resourceful tools that provide much more than just simple remote control. With a number of remote control products on the market, it is important to know what features are truly beneficial in order to separate the good from the bad. Usability, security, platform support, and speed should all be taken into consideration when purchasing remote control software. A good remote control application will combine all these features to enable system administrators to monitor, address, and resolve all network-related issues from a single desktop to provide superior network management.
Reference
[1] Wm. Arthur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, Roger L. Davis, Principles of Computer Security: Security+ and Beyond, McGraw-Hill, 2004
[2] Microsoft Remote Access Introduction and Overview, http://technet.microsoft.com/enus/library/bb742490.aspx#XSLTsection122121120120
[5] Controlling Access, http://etutorials.org/Server+Administration/securing+windows+server+2003/Chapter+14.+Remote+Access+Security/14.2+Controlling+Access/
[6] War dialing, http://en.wikipedia.org/wiki/War_dialing
[7] War dialing, http://www.sans.org/reading_room/whitepapers/testing/wardialing_268
[8] Remote Access White Paper, http://www.sans.org/reading_room/whitepapers/threats/remote-access-whitepaper_476
[9] Five Best Remote Access Tools, http://lifehacker.com/5080121/five-best-remotedesktop-tools