Securing Remote Access to IT Resources

Similar documents
Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version

CompTIA Security+ Certification

BW1330. High Performance Hotspot Access Point. Browan Communications. 6 August 2007 Version 1.0

Security+ SY0-501 Study Guide Table of Contents

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

COPYRIGHTED MATERIAL. Contents

Evolution Of The Need For IAM. Securing connections between people, applications, and networks

S.No. CCIE Security Written Exam Topics v4.0 Part I Infrastructure, Connectivity, Communications, Network Security

BW1330. High Performance Hotspot Access Point


Standard For IIUM Wireless Networking

Release note Tornaborate

Configuring L2TP over IPsec

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

CompTIA Security+ (Exam SY0-401)

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Certificate Enrollment for the Atlas Platform

Easy To Install. Easy To Manage. Always Up-To-Date.

Secure wired and wireless networks with smart access control

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

AIR-WLC K9 Datasheet. Overview. Check its price: Click Here. Quick Specs

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Exam Questions SY0-401

Software Development & Education Center Security+ Certification

Secure Mobility. Klaus Lenssen Senior Business Development Manager Security

1. How will NAC deal with lying clients?

Network Encryption 3 4/20/17

Payment Card Industry (PCI) Data Security Standard

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

HC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee

Chapter 24 Wireless Network Security

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

RADIUS Grows Up. Identity Management for Networks Secure IT Sean Convery Identity Engines

Security in the Privileged Remote Access Appliance

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

Syllabus: The syllabus is broadly structured as follows:

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

Radius, LDAP, Radius, Kerberos used in Authenticating Users

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Networks with Cisco NAC Appliance primarily benefit from:

Cisco Network Admission Control (NAC) Solution

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform.

Ready Theatre Systems RTS POS

Wireless LAN Security. Gabriel Clothier

What is Eavedropping?

Cisco Exactexams Questions & Answers

Chapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.

Gigabit SSL VPN Security Router

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

Children s Health System. Remote User Policy

CN!Express CX-6000 Single User Version PCI Compliance Status Version June 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Configuring RADIUS Clients

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Cisco Passguide Exam Questions & Answers

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

Security in Bomgar Remote Support

AAA and the Local Database

Network security session 9-2 Router Security. Network II

Section 4 Cracking Encryption and Authentication

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Configuration Guide. How to connect to an IPSec VPN using an iphone in ios. Overview

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology

Cisco Exam Questions & Answers

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Securing Wireless LAN Controllers (WLCs)

This primer covers the following major topics: 1. Getting Familiar with ACS. 2. ACS Databases and Additional Server Interaction

CWNP PW Wireless #

CompTIA Security+(2008 Edition) Exam

Security+ Practice Questions Exam Cram 2 (Exam SYO-101) Copyright 2004 by Que Publishing. International Standard Book Number:

Radius, LDAP, Radius used in Authenticating Users

ISE Primer.

Virtual Private Networks (VPNs)

High Availability Synchronization PAN-OS 5.0.3

Vendor: Aruba. Exam Code: ACMP_6.1. Exam Name: Aruba Certified Mobility Professional 6.1. Version: Demo

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Virtual Private Network

Tunnel within a network

Technical Note 01/07. Issued 4 January IPsec VPN Security Guide. Understanding and Preventing IPsec VPN Vulnerabilities

Cisco Exam Questions & Answers

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

How NOT To Get Hacked

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Case 1: VPN direction from Vigor2130 to Vigor2820

Citrix SSO for Mac OS X. User Guide

Security Assessment Checklist

Stripe Terminal Implementation Guide

Remote Administration

Configure an External AAA Server for VPN

Data Sheet. NCP Exclusive Entry Client. Next Generation Network Access Technology

DumpsFree. DumpsFree provide high-quality Dumps VCE & dumps demo free download

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Wireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked

Configuring Request Authentication and Authorization

Transcription:

: Security Without Borders Securing Remote Access to IT Resources Presented By: Bryan Miller Adjunct Faculty, Computer Science & Information Systems Virginia Commonwealth University

Speaker Introduction VA SCAN 2011 Agenda Wikipedia: Remote Access Technologies Attack Vectors Audit Tools Mobile Device Issues Hardening Recommendations Policies & Procedures (P&P) Wrap-Up 10/6/2011 Securing Remote Access to IT Resources 2

Speaker Introduction B.S. Information Systems VCU M.S. Computer Science VCU VCU Network Engineer 1987 1993 President, Syrinx Technologies, 2007 Adjunct Faculty Member in Information Systems and Computer Science @ VCU, FTEMS lecturer CISSP, former Cisco CCIE in R/S Published author with over 25 years in the industry 10/6/2011 Securing Remote Access to IT Resources 3

Wikipedia: Remote Access Technologies 10/6/2011 Securing Remote Access to IT Resources 4

Dial-In/PPP Point-to-Point Protocol 1994 Layer 2 of the OSI model Provides authentication, encryption & compression Used by ISPs for dial-up Internet access PPTP - Point-to-Point Tunneling Protocol 1999 Provides VPN access over GRE tunnel using PPP Does not provide encryption or authentication MSCHAP-v2 used for authentication is vulnerable to dictionary attacks 10/6/2011 Securing Remote Access to IT Resources 5

L2TP Layer 2 Tunneling Protocol - 1999 Tunneling protocol used with VPN s Does not provide encryption Still used today by some cable providers IPSec VPN Site-Site Dedicated VPN, typically over the Internet No client configuration Remote Access Requires configuration of VPN client Can be a challenge to update large numbers of clients Configuration files must be protected! Split Tunneling Issues 10/6/2011 Securing Remote Access to IT Resources 6

SSL VPN Browser-based access to applications No VPN client to load on endpoints Provides user-friendly front end with low maintenance No configuration files to protect Single Sign On (SSO) One password to rule them all Various authentication methods Kerberos, smart card, two-factor, Windows AD integration, LDAP Often provides web-based front-end to common applications 10/6/2011 Securing Remote Access to IT Resources 7

Authentication Options RADIUS Remote Authentication Dial-In User Service Implements AAA Authentication, Authorization & Accounting Client-server protocol over UDP Used in VPNs, Wireless, 802.1x, etc. TACACS(+) Terminal Access Controller Access- Control System (Plus) Cisco proprietary protocol using TCP Access control for networking devices 10/6/2011 Securing Remote Access to IT Resources 8

802.1x IEEE standard for port-based, Network Access Control (NAC) Provides authentication mechanisms for devices wishing to connect to a LAN or WLAN Typically requires an authentication server running RADIUS Most modern operating systems support 802.1x, including iphone and ipod Touch Vulnerable to MITM attacks 10/6/2011 Securing Remote Access to IT Resources 9

Network Access Control (NAC) Technology which restricts access to the network based on identity or security posture To confuse the issue, Cisco s NAC product is actually known as Network Admission Control Can be used to force clients to conform to security policies before granting network access A/V Patches Registry Settings Can be difficult to implement in legacy networks 10/6/2011 Securing Remote Access to IT Resources 10

Attack Vectors 10/6/2011 Securing Remote Access to IT Resources 11

Dial-In Yes, this still works! Automated program dials 1000 s of phone numbers per day Usually finds forgotten out-of-band modem Wireless Please don t use WEP, no longer compliant with PCI Rogue APs are still a problem make sure your P&P documents address this Watch those hotspots! Extranet Mutual protection is the only way to go! 10/6/2011 Securing Remote Access to IT Resources 12

VPN VA SCAN 2011 Protect those configuration files (try Google) Use appropriate complexity for PSKs SSL in web sites Test the cipher strengths applicable to PCI Disable the weak ones Outdated out-of-band management tools Are you still using Telnet? 10/6/2011 Securing Remote Access to IT Resources 13

Audit Tools 10/6/2011 Securing Remote Access to IT Resources 14

Web Proxy Burp Suite Paros IPSec Configuration IPSecScan IKE-Scan IKE-Scan Output: 192.168.1.254 Aggressive Mode Handshake HDR=(CKY-R=509ca66bcabbcc3a) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f2887f768a9702d9fe274cc0100 VID=afcad713a12d96b8696fc77570100 VID=a55b0176cabacc3a52207fea2babaa9 VID=0900299bcfd6b712 (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.1.254) Nonce(20 bytes) Hash(20 bytes) 10/6/2011 Securing Remote Access to IT Resources 15

SSL Cipher Strength THCSSLCheck SSLDigger OpenSSL Web Servers Nikto Nessus SSLDigger Output: 192.168.1.1: EXP-RC2-CBC-MD5 (40) EXP-RC4-MD5 (40) EXP1024-DES-CBC-SHA (56) EXP1024-RC4-SHA (56) DES-CBC-SHA (56) () Number of bits of encryption This tool is great for checking PCI compliance! 10/6/2011 Securing Remote Access to IT Resources 16

Dial-In PhoneSweep PPTP asleap Wireless 802.11 Aircrack-ng NetStumbler Bluetooth Bluesnarf BlueAuditor From: http://www.willhackforsushi.com/asleap.html 10/6/2011 Securing Remote Access to IT Resources 17

Port Scanners nmap SuperScan 4 RAPS (Remote Access Perimeter Scanner) RAPS Output: 192.168.0.187 Port 5900 - VNC, Version 3.8 192.168.0.9 Port 3389 - Terminal Server 192.168.10.57 Port 5631 - pcanywhere, Host: A1 192.168.10.56 Port 1720 - NetMeeting 10.2.0.139 Port 1494 Citrix Server 10.2.1.20 Port 6000 X Server, Version 11.0 10.2.1.21 Port 6000 X Server, NO LOGIN REQUIRED, Version 11.0 What s the difference between 10.2.1.20 and 10.2.1.21? 10/6/2011 Securing Remote Access to IT Resources 18

Mobile Device Issues 10/6/2011 Securing Remote Access to IT Resources 19

Who owns the device Are employee-owned devices allowed Applications Email sync VPN configurations Encryption 10/6/2011 Securing Remote Access to IT Resources 20

Security settings Backup/restore issues Profile management Management/Reporting Wireless/Bluetooth issues E-discovery What happens if the device is lost/stolen? Remote wipe? 10/6/2011 Securing Remote Access to IT Resources 21

Hardening Recommendations 10/6/2011 Securing Remote Access to IT Resources 22

Laptops VA SCAN 2011 At a minimum, encrypt the hard drive TrueCrypt PGP Disk BitLocker Biometrics Wireless Two-factor authentication 802.1x VPN 10/6/2011 Securing Remote Access to IT Resources 23

Labs, public access Network Access Control (NAC) 802.1x Remote Devices Use SSH instead of Telnet for out-of-band access Limit source IP address whenever possible Always require HTTPS when available Change all default SNMP community strings and other passwords Don t allow access to common remote control programs from the outside Citrix, VNC, PCAnywhere, DameWare, Terminal Services 10/6/2011 Securing Remote Access to IT Resources 24

General Recommendations Make sure you have secure build configurations for all infrastructure devices Whenever possible, limit the source of resource requests to the smallest number possible SNMP, SSH With VPNs, configure access lists to limit exposure 10/6/2011 Securing Remote Access to IT Resources 25

General Recommendations With VPNs, configure access lists to limit exposure Don t allow free range of internal networks Identify the user as soon as possible and apply access policies Remove all unnecessary protocols, apps, etc. Perform periodic penetration tests to ensure that all low hanging fruit have been removed 10/6/2011 Securing Remote Access to IT Resources 26

Policies & Procedures (P&P) 10/6/2011 Securing Remote Access to IT Resources 27

Be sure to start with documented, enforceable policies Without upper management buy-in, don t bother trying to enforce the policies Make sure you have a mobile device management policy Update and re-educate every year 10/6/2011 Securing Remote Access to IT Resources 27

Wrap-Up 10/6/2011 Securing Remote Access to IT Resources 29

Remote access is one of the oldest IT technologies in use today It is well understood -- but occasionally implemented without security in mind Be sure to test often and update configurations and P&P documents as necessary Remember there are more potential attackers outside your security perimeter than inside 10/6/2011 Securing Remote Access to IT Resources 30

Q&A 10/6/2011 Securing Remote Access to IT Resources 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback