Network Computingwww.networkcomputing.com

Securing Remote Access

Of all the information protection topics considered "hot" by network administrators, remote access must be at or near the top of the list. Organizations of all sizes are looking for ways to extend the network to the user, no matter where the user happens to be. But extending the network to the user poses potential security risks since intruders seek out these gateways and attempt to exploit them.

Remote access can be safe and effective with a few simple precautions. In this article, we'll provide a brief overview of how intruders attempt their break-ins and some tools and techniques you can use to foil them without forcing unnecessary hardship on your users.

How They Do It

The war dialer is nothing more than a database and an automated modem script, which dials every phone number in a group designated by the user. When it connects with a modem tone, the war dialer notes the phone number in a database. The intruder reviews the database, selects a likely target and attempts to hack it.

There is no effective defense against the war dialer, but you can make your system less attractive to the intruder. Don't use inviting welcome screens that the user sees be fore logging in; welcoming screens are a temptation for the cyberpunk.

The second tool is the password hacker, which takes several forms. The password hacker that uses a dictionary attack can be defeated by avoiding passwords that are in the dictionary. The other main method of attack is based upon the specifics of the network operating system. Both can be defeated by allowing only three attempts at login before the account is locked. The lock should be removed only by the system administrator, since it is important that he or she know about each incorrect attempt.

Both techniques depend upon a system that allows direct on-line interactive login to the network, which includes remote node and remote control systems. Unless you have a compelling reason not to, you should avoid either method.

Before we hear cries of outrage from the remote computing dependents, let's put this in perspective. There are times to allow unfettered access to a network or portion of a network, but unless you have a need to do that, don't. For example, if external access is required for electronic mail only, use a remote e-mail package that doesn't require interactive user connection to the network. Your system will be safer and your access costs will be lower, since the program conducts the remote session under strict controls. It exchanges messages faster than a manual connection and it is far more difficult to spoof than a regular communications program.

External intrusion is not your only risk in a remote access system. Unauthorized access by disgruntled or curious employees is a danger. As you develop your countermeasures, be sure to consider all aspects of risk including user error and equipment failure.

Selecting Countermeasures

In most cases, you will find that the access control measu res provided by remote access software products are not robust enough for any but the most trivial use. If you are going to depend upon such controls, be certain that the only information accessible is nonsensitive.

If an intruder can't break into a system using technology, he or she will attempt some form of human engineering -- if the effort is really worthwhile. Human engineering means that the intruder will try to get a legitimate user to disclose information that will allow an unauthorized login. This is a real danger when the intruder is an insider. In such cases, where information is sufficiently sensitive as to invite the effort, countermeasures such as tokens or dial back are in order. Now, let's return to some specific countermeasures.

First, the most effective protection comes in layers. ID and password constitute only a single layer of protection. As the information being protected becomes increasingly sensitive, you need additional layers of protection.

Those layers do not necessarily have to intrude on the user. Start with a simple administrative technique called compartmentalization. Compartmentalization means arranging your network's storage areas into security domains. Public information is isolated from private information and confidential information is the most isolated of all. Isolation means at least separate volumes, but separate servers are better if that is practical. Ensure that external access meets all of the usual access-control criteria for need to know. Unless there is a specific reason to make sensitive information available, don't. If you must, add extra access controls and isolate it to only those users who must access it.

The next likely layer of protection is the access controls that come with remote access programs. These programs generally perform some sort of proprietary handshake routine with the network gateway that establishes the connection attempt is legitimate. This method lacks security since the accomplished intruder will have copies of the remote ends of mos t remote access programs. That means that the first layer of protection -- that which is built into the remote software -- can be compromised easily even though passwords are used.

The next layer, also part of the remote package, is the ID/password pair. Follow rules of good passwords (seven or more characters, embedded numbers, and no dictionary words, names or initials) and ensure that there is a three-failure lockout. Many remote-control program developers will provide large organizations with a unique group of serial numbers in their copies of remote access software. Those serial numbers will only work with each other, so a rogue copy of the software will never complete the handshaking. This is an additional layer of protection that doesn't interfere with the user.

If you are providing access to sensitive information, however, you'll need to consider a more robust layer of security. This layer provides positive hardware-based protection as the first barrier to intrusion. These methods are impenetrable to the casual intruder (see sidebar, page 134, for products). To the skilled and determined intruder, they present a significant challenge, and unless the intruder uses human engineering and theft of a token, they offer the best protection available.

The first device is a token firewall. A token firewall is an access control device that presents a solid firewall unless the caller is authenticated by the correct use of a token or "smart card." For our purposes, a firewall is a hardware device that electrically and logically isolates the network from the caller until the caller is authenticated correctly. The token generates a one-time passcode that is synchronized with the firewall machine. To use the token, the user must know a secret personal identification number (PIN).

The second device is a dial-back system. The dial-back system is a firewall that requires ID/password authentication and then breaks the connection. It then re-dials the caller establishing that the caller is in a predetermined location as well as possessing the proper ID/password pair. Sometimes this type of system can be defeated by call forwarding. It is best used between unattended processes. In that case very long passwords (15 characters or more) may be used for authentication as an additional layer of protection.

The key to secure remote access is a combination of identifying threats and responding appropriately. Match the sensitivity of remotely accessible information with adequately robust countermeasures. Perform a risk assessment to ensure that you have identified all risks. Layer on protection. Understand how your system can be breached so that you can protect it. Remote access can be quite safe if you implement it wisely.

Peter Stephenson has been a consultant for the past 15 years. He is executive vice president of SandA International Corp., a Rochester Hills, MI, consulting firm. He can be reached at prsteph@mcimail.com.

Performing An Effective Risk Assessment

• Identification and authentication -- functions that identify and authenticate the user as legitimate and authorized.

• Access control -- functions that control which information assets the user may access and how he or she may access them.

• Accountability -- functions that record security-relevant actions.

• Object reuse -- functions that prevent reuse or scavenging information assets by unauthorized users after the asset's legitimate use by another user.

• Accuracy -- functions that ensure correctness and consistency of information.

• Reliability of service -- functions that ensure security and availability of information.

Suppliers of Remote Access Protection

Enigma Logic : Tokens -- Concord, CA, (800) 333-4416.

LeeMah DataCom Security Corp .: Dial-back modems and tokens --
Hayward, CA, (510) 293-3424.

Racal-Guardata : Tokens, dial-back modems -- Herndon, VA,
(703) 471-0892.

Ven-Te : Dial-back modems -- San Jose, CA, (800) 333-4416.

Security Dynamics : Tokens -- Cambridge, MA, (617) 547-7820.

Datamedia Corp. :Tokens -- Nashua, NH, (603) 886-1570.