
SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Month - Day 19 - Remote Access Tools

Published: 2010-10-19
Last Updated: 2010-10-19 13:50:47 UTC
by Rob VandenBrink (Version: 1)


With all the changes in remote access via VPN, other remote access technologies tend to get lost a little bit: reverse SSL proxy access to terminal servers, for instance. We still see lots of these out there, and they have a lot of technical advantages. For instance, depending on the architecture, often the station that is providing the screen and keyboard to the end user never has access to the internal network at all - this gets around a lot of the issues people have about non-corporate computers accessing corporate networks.

We're also seeing more and more functions that used to be delivered by remote access VPN now offered up on the public internet for all and sundry as web applications, protected only by a userid and password. The fact that these apps are quite often not tested for secure coding as they are built is often completely overlooked. What is also overlooked is that the userids for these sites can usually be harvested from the company website or LinkedIn, and the passwords can often be harvested from the company website or from any of the standard (language-specific) wordlists. Mind you, after taking SEC542, I'm starting to think that passwords are over-rated - in many cases on these applications you can simply bypass authentication completely!

=============== Rob VandenBrink Metafore ===============
