RJR is a re-seller of the Bomgar remote support solution which easily and securely supports computing systems and mobile devices. To learn more about the product contact sales@rjrinnovations.com
Today, no CIO is safe from a data breach. In 2013 alone, we have already seen major data breach reports from big government organizations, hospitals, restaurant chains and some of the most revered technology companies. But even though we cannot completely protect ourselves from hackers, we can reduce our risk by making it a lot harder for them to do their dirty work.
In 2008, the Verizon Business RISK team issued the first in what has become an annual report analyzing hundreds of actual data breaches. One of the angles they examine is what “attack pathway” hackers use to gain access to confidential data. According to that first report, “In over 40 percent of the breaches investigated during this study, an attacker gained unauthorized access to the victim via one of the many types of remote access and control software,” and “In many of these cases, the remote access account is configured with default settings, making the attacker’s job all too easy.”
In the five years since that report came out, it would seem safe to assume that IT organizations have secured their remote access and control software against hackers. But in the most recent Data Breach Investigations Report, the Verizon team discovered, “Remote access services (e.g., VNC, RDP) continue their rise in prevalence, accounting for 88 percent of all breaches leveraging hacking techniques—more than any other vector.” How can that be? How could the percentage of attacks via remote access more than double even after loud warnings in every single one of the last five years?
Service desk reps, IT administrators, and application specialists use remote control and remote access tools every day to access, control and fix remote systems. In most organizations you can find four or five different remote access products without even digging. (In one large IT outsourcer I know, they found seventeen.) Unfortunately, a lot of these products are legacy, point-to-point remote access tools that provide few security controls and are easily hacked. And in many cases, the CIO and other IT leaders do not even know they are in use.
The good news is, it is fairly easy and cost-effective to replace these unsecure remote access tools. But first you must determine if you are at risk. The following questions will help you determine whether you are unknowingly holding a door open to hackers.
What architecture does your remote support tool use?
Many older remote support products are point-to-point, and by default, do not work well through firewalls. This architecture encourages administrators to port forward through their firewall and create listening ports that are accessible via the Internet. Hackers can find these ports through a simple Internet scan, which is why they are such a popular attack pathway.
Many of the newer remote access tools are based on a SaaS (Software as a Service) model. This resolves some of the security issues with the point-to-point solutions, but also introduces a new concern. By routing all of your remote support sessions through a third party, you are increasing your perimeter of risk.
The third architecture option is an appliance-based solution. With an on-premises appliance, all remote support data and system access is kept within your own network, behind your own security measures.
Ask your team: Are they using more than one remote access tool? Are any of those creating open listening ports that can easily be found by hackers? Are you routing sensitive remote support data and access through a third-party vendor, and if so, do they meet your security criteria?
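One way to answer the listening-port question on a Linux host, as an added example that is not part of the original article: the sketch below reads `ss -H -tln` output and reports listeners on the default RDP and VNC ports that are bound to anything other than loopback. The port watchlist, the function names and the sample output are assumptions made for illustration.

```python
import ipaddress

# Default ports of the services the article names (assumption: tools moved to
# custom ports will not match and need a process-name check instead).
WATCHLIST = {3389: "RDP", **{5900 + n: f"VNC display :{n}" for n in range(10)}}

# Constructed sample of `ss -H -tln` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22         0.0.0.0:*
LISTEN 0 5        127.0.0.1:5901       0.0.0.0:*
LISTEN 0 128           [::]:3389          [::]:*
LISTEN 0 5     192.168.1.20:5900       0.0.0.0:*
LISTEN 0 5                *:5902             *:*
"""

def scope(addr):
    """Classify a bind address: loopback, every interface, or one interface."""
    addr = addr.split("%")[0].strip("[]")   # drop %iface suffix and IPv6 brackets
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "single-interface"

def find_exposed_listeners(ss_output):
    """Return (port, service, bind address, scope) for watchlisted listeners
    that are reachable from off-host, i.e. not bound to loopback only."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in WATCHLIST:
            continue
        where = scope(addr)
        if where != "loopback":
            findings.append((int(port), WATCHLIST[int(port)], addr, where))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr, where in find_exposed_listeners(SAMPLE_SS):
        print(f"{port:>5}  {service:<15} bound to {addr} ({where})")
```

A finding means the service accepts connections from other machines; whether it is reachable from the Internet still depends on firewall and port-forwarding rules, which need to be reviewed separately.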
How are remote support users authenticated?
In many legacy products, authentication takes place at the client level, which means the support rep is logging in with a local password versus a domain password. This encourages the use of shared passwords and/or default login credentials. Also, many SaaS remote support products do not integrate with internal directories and offer named-seat licensing models (where each license has to be tied to a single person’s name/account), increasing the motivation to create ‘tech1, tech2’ type user names that undermine auditing.
A few questions to ask here: can you integrate remote support with your existing identity management and authentication tools (LDAP, Active Directory, RADIUS and Kerberos, to name a few)? Can you apply permissions and password policies at the group and individual level to make insecure logins more difficult?
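The shared-credential problem described above can be checked against a session log, shown here as an added example that is not part of the original article: the script flags role-style account names such as 'tech1' and accounts used from more than one workstation. The log columns, the name pattern and the sample rows are assumptions, not any product's export format.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a remote support session log (hypothetical columns).
SAMPLE_LOG = """\
start,rep_account,rep_workstation,target_host
2013-06-03T09:02:11,jsmith,WS-0142,pos-store17
2013-06-03T09:15:40,tech1,WS-0150,pos-store03
2013-06-03T09:18:05,tech1,WS-0207,hr-db01
2013-06-03T10:01:30,tech2,WS-0150,pos-store09
2013-06-03T10:44:12,mlee,WS-0188,mail01
2013-06-03T11:20:00,mlee,WS-0311,mail01
2013-06-03T11:52:47,administrator,WS-0207,dc01
"""

# Role-style or built-in names that cannot be tied to one person.
GENERIC = re.compile(
    r"^(tech|support|helpdesk|admin|administrator|user|guest)\d*$", re.I)

def audit_accounts(log_text, max_workstations=1):
    """Map each suspect account to the reasons it weakens the audit trail."""
    workstations = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        workstations[row["rep_account"].lower()].add(row["rep_workstation"])
    findings = {}
    for account, seen in sorted(workstations.items()):
        reasons = []
        if GENERIC.match(account):
            reasons.append("generic or default account name")
        if len(seen) > max_workstations:
            reasons.append(f"used from {len(seen)} workstations")
        if reasons:
            findings[account] = reasons
    return findings

if __name__ == "__main__":
    for account, reasons in audit_accounts(SAMPLE_LOG).items():
        print(f"{account}: {'; '.join(reasons)}")
```

A named rep who legitimately works from two machines is flagged as well, so the workstation count is a prompt for review rather than proof of a shared password.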
What type of controls do you have over system access?
Many older remote access solutions have binary access, so once you are in, you are in. Either you have full access to everything on the end system or you do not have access at all. As convenient and as easy as this method may sound, if any default login credentials fall into the wrong hands, this all-or-nothing access model can be IT’s worst nightmare.
Can remote support permissions be assigned granularly, enabling administrators to give reps only the privileges they need and no more? And when greater permissions are needed for a particular remote support session, can they be given on a one-off basis by higher-tier reps or administrators?
Can you track everything that happens through remote access?
Audit features are non-existent in older products. With nothing in the middle of a point-to-point connection, remote control sessions slip away in the night (or day) without any record that they ever took place. This is very convenient for hackers.
The security value of auditing in remote support lies in having on file exactly what happens in each support session, such as chat transcripts and files transferred. Can you keep detailed logs of complete session activity? How about video logs of the session itself? How do you track and log administrative activity?
By asking these simple questions, you may quickly discover that your organization is unintentionally making itself an easy and attractive target for hackers. But if you can address these remote access vulnerabilities, you will not only reduce your risk of a data breach, you will hopefully help to bring that 88 percent number down next year.
Article by: Joel Bomgar, Founder & CEO, Bomgar
Original Article: http://www.cioreview.com/magazine/Are-You-Opening-a-Door-for-Hackers-RUPX228320859.html