
SCHOOL OF COMPUTER SCIENCES UNIVERSITI SAINS MALAYSIA

CPT 233-INFORMATION SECURITY AND ASSURANCE


Sem II 2011/2012

ASSIGNMENT 2 Remote Access Computing


Name : Lim Yen Shen Matrix No : 107594

White Paper-Remote Access Computing

Table of Contents
Introduction
What Is Remote Access
Why Remote Access
How Remote Access Works
Type of Remote Access
Risk of Enabling Remote Access
Potential Risk for Business Danger
Security Implication of Remote Access
Future of Remote Access Computing
Case Study of Remote Access War Dialer
War Dialing Tools
War Dialing Process
War Dialing Example
Commercial-based on Remote Access Tools
Conclusion
Reference


Introduction
In this competitive world, the ability to access files and information on a computer over the Internet is useful for work. For example, a student discovers while outstation that his school assignment did not make a successful transition from his personal computer's hard drive to his portable device. He has to ask someone to access his personal computer and send the file to him by e-mail. This is one of the common solutions anyone might use. But what if the file is private or confidential? This is why setting up a computer for remote access is a good idea for anyone who wants to avoid this kind of situation: he can retrieve the file personally even though he is not in front of his own computer. However, there is always the risk that something could go wrong when remote access is enabled on a personal computer. It could lead to someone accessing files without authorization, or to a spammer using the computer for unauthorized purposes. In this paper, I investigate the implications and risks of remote computing. I have chosen one attack carried out through remote access, known as the War Dialer, as my study subject. What are the driving forces behind remote access? How does it work? These and many other questions will be discussed in this paper.


What Is Remote Access


Remote access is a set of technologies that transparently connects a computer, typically

enables users outside a network to have network access and privileges as if they were inside the network. [1] What is meant by "outside a network"? It means that the user is using a machine that is not physically connected to the network in question and must therefore establish a connection through a remote means, such as dialing in, connecting via the Internet, or connecting through a wireless connection. Remote access is typically used by organizations to connect an employee's laptop or home computer to the organization's network to read e-mail or access shared files, and by Internet service providers (ISPs) to connect to the Internet. To achieve these network connections, a variety of methods are used, depending on the network type, the hardware employed, and any security requirements.

Figure The logical of a remote access connection [2]


Why Remote Access


With computer and software technology advancing so quickly, working efficiency is one of the biggest concerns in today's world. The ability to retrieve data from the main source when a person is not on site is a concern for most employees in an organization. By using remote access, an organization becomes more flexible and improves the way in which people work. [3] For example, employees in an organization are no longer restricted to using a desktop PC at the office. They can benefit from the organization's IT infrastructure while working outstation by remotely controlling the computer in the office. They can also remotely access data on their own home PC without actually sitting in front of it.

Remote access has substantial benefits and a potentially fast return on investment (ROI) for an organization because it reduces the cost of travel. [3] For example, employees no longer have to commute long distances to the office every day, saving valuable time and thereby allowing people to become more productive. Supervisors can monitor the operation of the company even when they are not in the office. Besides that, remote access eliminates cumbersome processes: potential technical issues can be resolved without the need to be on site. A technician does not need to be on site to solve a simple technical problem, which improves the efficiency of the organization's operations.


How Remote Access Works


The process of connecting by remote access involves two elements: a temporary network connection and a series of protocols to negotiate privileges and commands. [4] The temporary network connection can be via a dial-up service, the Internet, wireless access, or any other method of connecting to a network. Once the connection is made, the primary issue is identifying the user and establishing the proper privileges for that user through Authentication, Authorization and Accounting (AAA). [4]

Authentication: the matching of user-supplied credentials to previously stored credentials on a host machine. This is usually done with an account name and a password.

Authorization: the granting of specific permissions based on the privileges held by the account.

Accounting: the collection of billing and other detail records. Accounting functions include keeping detailed security logs to maintain an audit trail of the tasks being performed.

Using encryption, remote access protocols can establish a secure network connection, through which the operating system on the host machine can authenticate and authorize a user according to previously established levels. Identification is the process of ascribing a computer ID to a specific user, computer, or network device. User identification enables authentication and authorization, which form the basis for accountability. This makes it possible to trace activities to individual users or computer processes. Identification usually takes the form of a unique logon ID. Authentication is the process of binding a specific ID to a specific computer connection. Historically, three categories of things have been used to identify a user:

- What users know (such as a password)
- What users have (such as tokens)
- What users are (this can involve static biometrics such as fingerprints)

Authorization is the process of permitting or denying access to a specific resource. Authorization determines whether a user has permission for the particular object or resource being requested. This functionality is frequently part of the operating system and is transparent to users. RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

Figure Typical AAA network configuration [5]


Type of Remote Access

Remote access falls into three broad categories:

1) Connections with full network access: the remote computer acts as if it were a node on the organization's network
2) Feature-based connections: users need access to specific, discrete network features like e-mail or file transfers
3) Connections that allow remote control of a personal computer, usually in the worker's permanent office

There are two types of remote access:

1) Enables the user to access files and information remotely
2) Enables the user to access and control a PC remotely

Restricting remote access to certain functions reduces the chance of unauthorized people accessing the PC remotely and stealing important files or data. The user can set rules or a policy for remote access to control who is allowed to connect and what activity is permitted over the connection. However, opening a computer to connections from external sources always carries the risk of being hacked by unauthorized people. It could be someone accessing user files they are not supposed to reach, or a spammer or con artist using the computer for unauthorized purposes. Users need to exercise copious amounts of caution when enabling a remote access feature.


Risk of Enabling Remote Access


Remote access presents one of the biggest security risks in any network. In fact, remote access is a risk by its very nature: it is intended to allow a remote computer to access the user's private network. Giving any third-party provider access to the user's system is a security risk.

Unauthorized User

The most obvious risk involved with remote access is the unauthorized user. Unfortunately, this is a risk that users will never be able to avoid entirely. Regardless of the level of care a user takes in keeping password information secret, programs exist that can break into most secure networks.

File Loss

Another possible risk of remote access technology is the loss of files. This can happen for many different reasons, whether it is a partial file transfer or transfer errors.

Data Interception and Eavesdropping

Data interception means that a third party can gain access to sensitive information while the connection is being relayed between two parties on the remote access network. Eavesdropping simply means there is a third party listening in on a remote access network.

Lack of physical controls

One of the most obvious threats to a remote access system is the lack of physical control over the device being used to access the network. A laptop or another type of portable data gadget is highly vulnerable to theft, and could allow an unauthorized person to gain access to another computer.

Malware

Malware is another potential risk involved with remote access. Malware refers to software that can become installed on the user's computer without the user's knowledge and that performs functions potentially harmful to the system.

Firewall problems

Firewall problems with remote access can stem from the lack of personalized firewalls for each mobile device that connects to the remote access network. Having the same firewall policy regardless of the device's location is not considered secure.

Theft of access credentials

Theft of access credentials can happen in a number of ways, from shoulder surfing, where an attacker watches the user input his user name and password, to man-in-the-middle attacks, where access credentials are captured as they are entered when logging into the network. When uncontrolled Internet kiosks are used to access the corporate network, there is a possibility that a keystroke logger (in the form of software or hardware) could be used to steal the user's access credentials.


Potential Risk for Business Danger

Even if there is no malicious intent, or the access is provided for a legitimate business purpose, it should be strictly controlled, if not prohibited. Besides the threat of introducing malware into the user's system, there are other technical and business dangers.

First, granting system access to an outsider lowers the user's security level to that of the external provider. If they have feeble controls, they become the weakest link in the user's security chain. If a hacker compromises their system, he or she can use it as a backdoor into your network. Hence, the business risk increases.

Second, there are also business and reputation risks. If their breached system is used to gain malicious access to the user's system, the victim company's name will also be in the headlines. Bad press will drive away customers, both actual and potential business, and can even lead to an unwelcome regulatory review.

Third, allowing external access of this nature circumvents technical controls, such as firewalls. If unfettered access is allowed, why bother with firewalls and access controls? The user might as well leave the network wide open for anyone to come in. Further, if the software they want to install contains malware, their remote access is a direct pipeline for malicious code into the user's network.


Security Implication of Remote Access


The best way to make remote access more secure is to strictly control who is allowed to access the network remotely, either via virtual private networks (VPNs) or dial-up connections. Instead of allowing all company users to dial in, restrict the service to employees who actually need it. If an employee is going on a business trip, enable dial-up access for his account; when he returns from the trip, remove his dial-up authorization. While the cost of managing users this way may be relatively high, the practice of carefully limiting remote access usually provides greatly enhanced security.

Next, unauthorized access to a remote desktop is not always the result of a purposeful attempt. Limit accidental security breaches of the remote desktop and prevent less-security-conscious fellow employees from accessing it. Where there are multiple administrator accounts, they will need to be adjusted to exclude those who pose a potential security risk, allowing access only to the administrator accounts that can be trusted to be more diligent against hackers. Check the computer system's control panel to see whether others have access and need to be locked out of your remote desktop.

Third, every organization should guard against individuals who purposefully attempt to access remote desktops through a process of "seeking out" remote desktop ports. Every desktop has a listening port, and this port is used by hackers to infiltrate the remote desktop. "Hide" that listening port before you begin using your remote desktop. This will make it harder for hackers to find your system and compromise it. Create an account lockout policy. This will automatically lock potential hackers out of any additional attempts to "guess" the password after they have made a certain number of efforts.
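The AAA steps described under How Remote Access Works and the account lockout policy recommended above can be seen working together in a short sketch. This is an added example, not part of the original paper; the class name, the three-attempt threshold and the 15-minute lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3        # assumed threshold: failed logins before lockout
LOCKOUT_SECONDS = 900   # assumed lockout duration (15 minutes)


class RemoteAccessServer:
    """Toy AAA server (hypothetical, for illustration only)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}      # name -> salt, password digest, permissions
        self.failures = {}   # name -> (failed attempts, locked-until time)
        self.audit_log = []  # accounting: (time, name, event)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _record(self, name, event):
        self.audit_log.append((self.clock(), name, event))

    def add_user(self, name, password, permissions):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt,
                            "digest": self._digest(password, salt),
                            "permissions": set(permissions)}

    def authenticate(self, name, password):
        """Authentication: compare supplied credentials with stored ones."""
        now = self.clock()
        count, locked_until = self.failures.get(name, (0, 0.0))
        if now < locked_until:
            # A locked account is refused even if the password is right.
            self._record(name, "rejected: account locked")
            return False
        user = self.users.get(name)
        # Hash for unknown names too, so both cases do the same work.
        salt = user["salt"] if user else bytes(16)
        supplied = self._digest(password, salt)
        if user and hmac.compare_digest(supplied, user["digest"]):
            self.failures.pop(name, None)
            self._record(name, "login ok")
            return True
        count += 1
        if count >= MAX_FAILURES:
            self.failures[name] = (0, now + LOCKOUT_SECONDS)
            self._record(name, "login failed: account locked")
        else:
            self.failures[name] = (count, 0.0)
            self._record(name, "login failed")
        return False

    def authorize(self, name, permission):
        """Authorization: is this permission granted to the account?"""
        granted = self.users.get(name, {}).get("permissions", set())
        allowed = permission in granted
        self._record(name, f"{permission}: {'granted' if allowed else 'denied'}")
        return allowed


if __name__ == "__main__":
    server = RemoteAccessServer()
    server.add_user("alice", "correct horse", {"read_mail"})  # constructed account
    for guess in ("123456", "password", "letmein", "correct horse"):
        print(guess, server.authenticate("alice", guess))
    for _, name, event in server.audit_log:  # the accounting trail
        print(name, event)
```

The fourth attempt in the demo uses the correct password and is still refused, because the lockout is decided before the password is checked.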


Future of Remote Access Computing


As can be seen right now, organizations are expected to support a growing number of users, many working remotely, who are using increasingly complex hardware and software. At the same time, the budgets to manage and maintain these systems are being curtailed. Therefore, organizations must find a way to handle the increased workload securely, in terms of the confidentiality, integrity and availability of the system, and to do so effectively.

There will be a convergence of Internet and telecommunication technologies, and 3G or 4G systems will be more heterogeneous. When it comes to security, 3G or 4G systems will use security solutions inherited from both areas and be secured by a combination of disparate security technologies. Wireless remote access will be the first application that is widely adopted, because of its high value, low technical barriers and market demand. Remote access will soon be possible from many different types of wireless networks.

Security is very important since the organization opens up doors that should be open for authorized employees. It is obvious that companies have the responsibility to preserve security in these situations. Remote access will be of great importance for employees when they are working on the move, since they can access the information they need when they need it. This is profitable for the organization as well as for the employees. Remote access does not only exist on a small scale today, but is expected to be one of the first and most widely used fields of application in the future.


Case study of Remote Access War Dialer


A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. [6] The program automatically dials a defined range of phone numbers and logs in a database those numbers that successfully connect to a modem. Some programs can also identify the particular operating system running on the computer and may also conduct automated penetration testing. In such cases, the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system.

Historically, hackers used war dialing to find telephone company (telco) and corporate access numbers for free, albeit illegal, long-distance telephone calls. [7] War dialing has matured since then, and now publicly available hacker software is much better at identifying vulnerable computers than at making free phone calls. War dialing is difficult to defend against because most organizations set up their telephone systems with availability and ease of use as their top priorities, not security.

In much of the world, war dialing is an illegal, punishable crime. In mainstream America, hackers like this are usually treated as nuisances, but in some criminal cases war dialing has been characterized as fraud. Not surprisingly, hackers have developed ways to avoid detection and have numerous tools and processes for this purpose. There are, however, legitimate uses for war dialing, including remote access diagnostics.


War Dialing Tools

In today's competitive market, there are many freeware and commercial war dialing tools to assist users with the task of war dialing. War dialing can be performed using basic tools. Inexpensive computers can drive a modem to quickly scan an organization's telephones. Below are the minimum tools needed to perform war dialing:

- Computer
- Modem
- Telephone line
- War dialer software

War Dialing Process

The first objective of war dialing is to compile an accurate inventory of each telephone number in an organization. Determining exactly how many and what kinds of equipment are present helps in the assessment of vulnerabilities and helps to better secure critical systems. For this reason, the dial inventory developed during war dialing must be as complete and accurate as possible. Three steps are involved in creating such an assessment of your exposure:

1) Calling numbers
2) Detecting resources
3) Classifying answering devices: identify exploitable telephone resources


War Dialer Example

XYZ Company has installed remote control software on a desktop at work. Once the remote control software is installed, they connect the modem to a nearby fax line that is not being used. Not being security-savvy, they do not configure a password for the remote control software's host connection, thus leaving the screen door open for anyone to connect to the remotely controlled host system. Coincidentally, the Hacker who has been trying to penetrate XYZ Company via the Internet decides to try a different route. So, the Hacker starts a war dialing reconnaissance mission, and manages to dial XYZ's entire phone range in six hours. After analyzing the war dialing logs, the Hacker determines that one of the modems found in the war dialing reconnaissance mission is using remote control software. After a few connection attempts, using various remote control applications, the Hacker finally connects to XYZ Company's system that is connected to the network.
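A sweep like the one in this scenario, where one caller works through an organization's phone range, stands out in the telephone system's call records. The following added example (not part of the original paper) flags such callers; the record format, the sample data and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed look-back window
MIN_DISTINCT = 5              # assumed: distinct extensions that make a sweep
MAX_SHORT_SECONDS = 30        # assumed: probing calls hang up quickly

# Constructed call records: time, caller number, dialed extension, seconds connected
SAMPLE_CDR = """\
2012-03-01T01:00:05,5550100,4000,8
2012-03-01T01:01:10,5550100,4001,6
2012-03-01T01:02:15,5550100,4002,25
2012-03-01T01:03:20,5550100,4003,7
2012-03-01T01:04:25,5550100,4004,5
2012-03-01T01:05:30,5550100,4005,9
2012-03-01T09:15:00,5550177,4002,340
2012-03-01T09:40:00,5550177,4002,15
2012-03-01T10:05:00,5550123,4001,20
2012-03-01T13:30:00,5550123,4004,610
2012-03-01T16:45:00,5550123,4005,12
"""


def parse_cdr(text):
    """Parse comma-separated call records into time-ordered tuples."""
    records = []
    for line in text.strip().splitlines():
        stamp, caller, extension, seconds = line.split(",")
        records.append((datetime.fromisoformat(stamp), caller, extension, int(seconds)))
    return sorted(records)


def find_sweeps(records):
    """Return {caller: extensions} for callers that placed short calls to
    at least MIN_DISTINCT different extensions within one WINDOW."""
    short_calls = defaultdict(list)
    for stamp, caller, extension, seconds in records:
        if seconds <= MAX_SHORT_SECONDS:
            short_calls[caller].append((stamp, extension))

    sweeps = {}
    for caller, calls in short_calls.items():
        start = 0
        for end in range(len(calls)):
            # Slide the window start forward until it spans at most WINDOW.
            while calls[end][0] - calls[start][0] > WINDOW:
                start += 1
            distinct = {extension for _, extension in calls[start:end + 1]}
            if len(distinct) >= MIN_DISTINCT and len(distinct) > len(sweeps.get(caller, ())):
                sweeps[caller] = sorted(distinct)
    return sweeps


if __name__ == "__main__":
    for caller, extensions in find_sweeps(parse_cdr(SAMPLE_CDR)).items():
        print(f"possible war dialing sweep from {caller}: {', '.join(extensions)}")
```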

Figure War Dialing Scenario [7]


Commercial-based of Remote Access Tools


Currently, there are many commercial remote access tools on the market. These tools have eased many of users' problems. Remote access tools are easy to set up, and users can access their home computer even when they are far away from it. Examples of commercial remote access software are LogMeIn, TightVNC, UltraVNC, and the list goes on. The features offered by each product may differ, and the price depends on the vendor. There are also freeware remote access tools. The most popular freeware tool is TeamViewer. TeamViewer is a friendly solution for remote computer access over the Internet. It establishes connections to any PC or server around the world within just a few seconds. Next, Windows Remote Desktop, the default remote desktop application that comes bundled with Windows, can be considered sufficient for most users who are looking for remote desktop control tools. The figures below show some freeware remote access tools.

Figure TeamViewer [9]

Figure Windows Remote Desktop Connection [9]


Conclusion
War dialing is a simple but insidious threat to large organizations. With the proliferation of remote access points, every telephone is potentially a vulnerability. An attended war dialing sweep is recommended to ensure the highest integrity of results. An expert using good tools can recognize and find all computers set up for remote dial-in, while war dialing software alone cannot.

Remote control technology has been around since DOS and OS/2 dominated the computer industry. However, since its inception in the 1980s, remote control software has come a long way, evolving into sophisticated, resourceful tools that provide much more than just simple remote control. With a number of remote control products on the market, it is important to know what features are truly beneficial in order to separate the good from the bad. Usability, security, platform support, and speed should all be taken into consideration when purchasing remote control software. A good remote control application will combine all these features to enable system administrators to monitor, address, and resolve all network-related issues from a single desktop to provide superior network management.


Reference
[1] Wm. Arthur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, Roger L. Davis, Principles of Computer Security: Security+ and Beyond, McGraw-Hill, 2004
[2] Microsoft Remote Access Introduction and Overview, http://technet.microsoft.com/enus/library/bb742490.aspx#XSLTsection122121120120
[3] Understand Remote Access, http://www.conjungo.com/technology/remoteaccess/why-remote-access
[4] Remote Access, http://www.cuyamaca.net/gainswor/security/remoteaccess.ppt
[5] AAA Overview, http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html
[5] Controlling Access, http://etutorials.org/Server+Administration/securing+windows+server+2003/Chapter+14.+Remote+Access+Security/14.2+Controlling+Access/
[6] War dialing, http://en.wikipedia.org/wiki/War_dialing
[7] War dialing, http://www.sans.org/reading_room/whitepapers/testing/wardialing_268
[8] Remote Access White Paper, http://www.sans.org/reading_room/whitepapers/threats/remote-access-whitepaper_476
[9] Five Best Remote Access Tools, http://lifehacker.com/5080121/five-best-remotedesktop-tools
