Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Remote Access Tools Policy John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN.

Published byDominick Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "1 SANS Technology Institute - Candidate for Master of Science Degree 1 Remote Access Tools Policy John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN."— Presentation transcript:

1 1 SANS Technology Institute - Candidate for Master of Science Degree 1 Remote Access Tools Policy John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN

2 SANS Technology Institute - Candidate for Master of Science Degree 2 Objective 1.Define Remote Access Tools 2.List benefits 3.Describe risks 4.Explain why a policy is needed 5.Provide policy guidance

3 SANS Technology Institute - Candidate for Master of Science Degree 3 What are remote access tools?  Remote Access is “the ability to access your computer from a remote location,” and “the ability to control the machine once the connection is made.” Source: TechTerms.com  Remote Access is “the ability to access your computer from a remote location,” and “the ability to control the machine once the connection is made.” Source: TechTerms.com Examples: VNC (Virtual Network Computing) Windows Remote Desktop GoToMyPC LogMeIn WebEx Examples: VNC (Virtual Network Computing) Windows Remote Desktop GoToMyPC LogMeIn WebEx

4 Remote access value Benefits: Money saved on commuting Remote access to jobs in progress Real-time team collaboration 24x7 Tech support SANS Technology Institute - Candidate for Master of Science Degree 4

5 Remote access risks Risks: –Unauthorized access –Malware –Data theft –Compliance –Transitive trust SANS Technology Institute - Candidate for Master of Science Degree 5

6 More subtle risks Several remote access tools have known vulnerabilities or even just “features” users are not aware of Securing them properly requires careful control of versions and configuration Let’s look at VNC in more detail... SANS Technology Institute - Candidate for Master of Science Degree 6

7 VNC Virtual Network Computing Originally created at Olivetti Research Labs Security concerns: –Older and free versions do not encrypt data –Weak password hash and challenge-response –Various vulnerabilities exist Recommendations: –Use Enterprise version, ssvnc, or wrappers SANS Technology Institute - Candidate for Master of Science Degree 7

8 8 Why do we need a remote access tools policy? The benefits are obvious, but the policy should clarify the risks Users are bombarded with ads for the “latest, greatest” tools Guidelines can educate and empower

9 SANS Technology Institute - Candidate for Master of Science Degree 9 Policy recommendations  The policy should provide a set of requirements for acceptable remote access tools Multi-factor authentication Replay attack defense Strong encryption Configuration and reporting

10 SANS Technology Institute - Candidate for Master of Science Degree 10 Summary Remote access tools have many benefits But poorly implemented, they add risk The policy should: Define acceptable use Discuss the cost / benefit equation Provide guidance and clarification

Download ppt "1 SANS Technology Institute - Candidate for Master of Science Degree 1 Remote Access Tools Policy John Jarocki May 2010 GIAC GSEC, GCIA, GCIH, GCFW, GPEN."

Similar presentations

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Steganography Then and Now John Hally May 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Steganography Then and Now John Hally May 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN,
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Scoping Security Assessments: A Project Management Approach Lack of planning is.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Scoping Security Assessments: A Project Management Approach Lack of planning is.
SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.

SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Baselining Windows and Comparative Analysis: Quick and Easy Kevin Fuller May 2012.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Baselining Windows and Comparative Analysis: Quick and Easy Kevin Fuller May 2012.
PC Anywhere By: Neil Meharu Jewel Libid Pete Ramirez Lynn Hy.

PC Anywhere By: Neil Meharu Jewel Libid Pete Ramirez Lynn Hy.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 A Preamble into Aligning Systems Engineering and Information Security Risk Dr. Craig.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 A Preamble into Aligning Systems Engineering and Information Security Risk Dr. Craig.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Information Security Policies and Standards

Information Security Policies and Standards
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Microsoft Technology Associate

Microsoft Technology Associate

Similar presentations

Ads by Google