Remote Access – CompTIA Security+ SY0-401: 1.3

Most of us rely on remote connectivity to enable us to perform our job. In this video, you’ll learn the important security considerations for remote access.


We’ve created all of these security infrastructure devices, and firewalls, and network address translations, and network access controls because we’re always concerned about who’s connecting to our network.

Well, now, of course, our users are much more mobile. They are in coffee shops. They’re in home offices. They’re traveling around the world. But they still need access to important resources that are on the inside of the network, and that is one of the primary balancing acts you have as a security professional: how do you provide the important business access to these devices but still keep everybody secure?

So, remote access becomes a very, very important component of this. Whenever you start looking at how you’re going to get people to communicate back securely into your network, you’re almost always going to use some type of encryption technology. In later videos, we’re going to talk about some very specific methods of being able to authenticate and encrypt traffic, especially over a remote access piece.

But obviously, encryption is incredibly important because you have no idea who on the internet might have access to this data as it’s flowing through. If you’re in a hotel, the hotel certainly has access to that. In fact, other people within the hotel who are staying there might have access to your data as well. It’s very common on wireless networks for people to sniff the air and find information that you may be sending in the clear. So, creating an encrypted tunnel prevents some of those things from happening.

You might also want to add on additional technologies to provide additional authentication functions, for instance a token generator of some kind, whether a hardware token generator or one in software, that’s constantly providing these pseudo-random numbers to you.

So, not only do you have to put in your username and your password, but you also have to put in some other piece of information. Usually, it’s based on something that you have with you, something like a token generator. You have to now type in username, password, and 778645, and hit Enter.

And these numbers, of course, are updating themselves every 30 seconds, every 60 seconds. So, your end server sees that this is your username, this is your password, and, a-ha, that must be you, because you happen to know the secret number that was popping up during that last 60-second period. It’s just another method, another thing that we can add to make sure that people from outside are really who we think they are.

If you’re doing any type of remote access, you should always be looking at your logs. You should always be checking them to determine who is connecting from where. And you can also set up methods within your remote access devices to make sure that people aren’t logging in from multiple places. If somebody’s mobile and you see that they’re logging in from Starbucks in one city and Starbucks in another city, you might need to question that. One person obviously can’t be in two places at once.

So, you not only want to look at your logs and see if that’s happening, but also set up some security controls within your remote access equipment to make sure something like that doesn’t happen.
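
The log check described above can be automated. The following is an added example, not part of the original video: it flags a user who logs in from a second address while an earlier session is still open, or who shows up in a different city shortly after their last activity. The log line format, the `user`/`src`/`city` field names, and the two-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log; the line format and field names are assumptions.
SAMPLE_LOG = """\
2014-05-01T09:00:00Z LOGIN user=alice src=203.0.113.10 city=Denver
2014-05-01T09:05:00Z LOGIN user=bob src=198.51.100.7 city=Austin
2014-05-01T09:20:00Z LOGIN user=alice src=192.0.2.44 city=Boston
2014-05-01T10:00:00Z LOGOUT user=bob src=198.51.100.7 city=Austin
2014-05-01T10:30:00Z LOGIN user=bob src=198.51.100.7 city=Austin
2014-05-01T13:10:00Z LOGIN user=carol src=203.0.113.50 city=Miami
2014-05-01T13:20:00Z LOGOUT user=carol src=203.0.113.50 city=Miami
2014-05-01T13:40:00Z LOGIN user=carol src=198.51.100.80 city=Seattle
"""

def parse_line(line):
    """Split 'TIMESTAMP EVENT key=value ...' into (datetime, event, fields)."""
    ts, event, *pairs = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, event, dict(p.split("=", 1) for p in pairs)

def find_suspicious(log_text, travel_window=timedelta(hours=2)):
    """Return (user, kind, earlier_city, new_city) for logins worth questioning."""
    open_sessions = {}  # user -> {src: city} for sessions not yet logged out
    last_seen = {}      # user -> (time, city) of that user's most recent event
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, event, f = parse_line(line)
        user, src, city = f["user"], f["src"], f["city"]
        sessions = open_sessions.setdefault(user, {})
        if event == "LOGIN":
            # Another session from a different address is still open.
            others = [c for s, c in sessions.items() if s != src]
            if others:
                alerts.append((user, "concurrent", others[0], city))
            elif user in last_seen:
                # No open session, but the city changed faster than the window allows.
                prev_time, prev_city = last_seen[user]
                if prev_city != city and when - prev_time < travel_window:
                    alerts.append((user, "city-change", prev_city, city))
            sessions[src] = city
        elif event == "LOGOUT":
            sessions.pop(src, None)
        last_seen[user] = (when, city)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

A flagged login is a prompt to question the session, as the text says; the same condition can also be enforced on the remote access device by refusing a second simultaneous session per user.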