4.9 - Remote Access

Question 1

Remote desktop connections

Answer 1

• Share a desktop from a remote location
  – It’s like you’re right there
• RDP (Microsoft Remote Desktop Protocol)
  – Clients for Mac OS, Linux, and others as well
• VNC (Virtual Network Computing)
  – Remote Frame Buffer (RFB) protocol
  – Clients for many operating systems
  – Many are open source
• Commonly used for technical support
  – And for scammers

Question 2

Remote desktop security

Answer 2

• Microsoft Remote Desktop
  – An open port of tcp/3389 is a big tell
  – Brute force attack is common
• Third-party remote desktops
  – Often secured with just a username and password
  – There’s a LOT of username/password re-use
• Once you’re in, you’re in
  – The desktop is all yours
  – Easy to jump to other systems
  – Obtain personal information, bank details
  – Make purchases from the user’s browser

Question 3

VPNs

Answer 3

• Virtual Private Networks
  – Encrypted (private) data traversing a public network
• Concentrator
  – Encryption/decryption access device
  – Often integrated into a firewall
• Many deployment options
  – Specialized cryptographic hardware
  – Software-based options available
• Used with client software
  – Sometimes built into the OS

Question 4

Client-to-site VPN

Answer 4

• On-demand access from a remote device
  – Software connects to a VPN concentrator
• Some software can be configured as always-on

Question 5

VPN security

Answer 5

• VPN data on the network is very secure
  – The best encryption technologies
• Authentication is critical
  – An attacker with the right credentials can gain access
• Almost always includes
  multi-factor authentication (MFA)
  – Require more than just a username and password

Question 6

SSH (Secure Shell)

Answer 6

• Encrypted console communication - tcp/22
• Looks and acts the same as Telnet - tcp/23

Question 7

SSH security

Answer 7

• The network traffic is encrypted
  – Nothing to see in the packets
• Authentication is a concern
  – SSH supports public/private key pair authentication
• Certain accounts should be disabled in SSH
  – For example, root
  – Consider removing all
  password-based authentication
• Limit access to SSH by IP address
  – Configure a local firewall or network filter

Question 8

RMM

Answer 8

• Managed Service Providers (MSP)
  – Many customers and systems to monitor
  – Many different service levels
• Remote Monitoring and Management (RMM)
  – Manage a system from a remote location
• Many features
  – Patch operating systems
  – Remote login
  – Anomaly monitoring
  – Hardware/software inventory

Question 9

RMM security

Answer 9

• A popular attack point
• The RMM has a great deal of information and control
• Access should be limited
  – Don’t allow everyone to connect to
  the RMM service
• Auditing is important
  – Know who’s connecting to which devices and
  what they’re doing

Question 10

Microsoft Remote Assistance (MSRA)

Answer 10

• Get access to a remote user’s desktop
  – No firewall configurations or port forwarding required
• User makes a request
  – Sends an invitation with the details
• Technician connects
  – Uses the password in the request
• Replaced by Quick Assist in Windows 10 and Windows 11
  – The latest version of MSRA

Question 11

MSRA/Quick Assist security

Answer 11

• No ongoing Remote Desktop service required
  – Avoids unintended access
  – No port forwarding
• Email with invitation details is always a concern
  – Consider using voice communication
• Perhaps a bit too easy to use
  – Social engineering can be an issue

Question 12

Third-party tools

Answer 12

• Screen-sharing
  – See and control a remote device
  – GoToMyPC, TeamViewer
• Video-conferencing
  – Multi-user meetings with video and audio
  – Zoom, WebEx
• File transfer
  – Store and share documents in the cloud
  – Dropbox, Box.com, Google Drive
• Desktop management
  – Manage end-user devices and operating systems
  – Citrix Endpoint Management, ManageEngine
  Desktop Central