Infosavvy Security and IT Management Training
CISSP Remote Access – Bk1D4T3St3

Interconnected computing platforms, the strengths of multimedia collaboration, and the globalization of business are some of the forces that have made decentralized workplace arrangements more common. Telecommuting, or working remotely, occurs when a person separated from the main corporate compute and storage platforms accesses them from another location, such as their home, via a laptop. There is also a growing reliance on cloud-hosted resources, where employees on the protected LAN need to remotely access vital infrastructure hosted by a cloud service provider.

When telecommuting or using cloud-based resources, the user might use one of the following access paths:
  • Using a modem to dial up directly to a remote access server (an insecure and almost obsolete technology)
  • Connecting to a network over the Internet through a VPN
  • Connecting to a terminal server system or an access gateway through a thin-client connection

The first two examples use fully capable clients. The connections that are established make the endpoint appear as any other node on the private network. It has all of the permissions and access that it would have if it were physically connected locally on the LAN and inside the perimeter firewall. The user who is remotely accessing terminal services is constrained to the resources made available by the proxy terminal server. The person accessing cloud-hosted systems might use a VPN over public infrastructure. Data cannot traverse outside of the network. Work is conducted inside the private network and not on the device that is connected at the distant end.

NOTE Telecommuting existed before the Internet and multimedia made the practice a business imperative. The term has roots in the original description of telecommuting, which implied the use of telephony to connect workers and customers. Teleconferences over POTS, PSTN, and PBXs with geographically separated individuals conducting business meetings were an example of the first versions of telecommuting.

Remote Access for Telecommuting

For telecommuting to be productive and successful, a person would need to have access to many of the same or comparable resources at a remote location as they would have at the primary office. Access to email, shared storage, and the capability to attend meetings virtually are necessary. Telecommuters use many remote access techniques to establish the required connectivity to the business office network. There are four main types of remote access techniques:

  • Service specific: If a service such as email via Outlook Web Access (OWA) is needed, a service-specific remote access capability allows users to remotely connect to and use it. Service-specific capabilities are not limited to web-enabled versions of on-premises applications. Terminal service access can be limited to a time and attendance application, for example.
  • Remote control: Common applications for remote control or remote access are help desk or Tier 1 support and employee training functions. Remote control allows an authorized user to gain remote access to another system and take full control as if they were physically in front of the distant system. There are significant security concerns with remote access. One example is the brute-force attacks that attackers use against the proprietary Remote Desktop Protocol (RDP), which Windows environments use to enable Windows Remote Desktop and Terminal Server.
  • Screen scraping: This process provides a virtual application or virtual desktop experience to the distant end. In a process known as screen scraping, the office target system serves up the information on the screen and presents it to the remote operator. During screen transmission, there are risks of unauthorized disclosure or compromise, so security professionals will want to implement encryption with any screen scraper solution. A second definition is the technology that automates both the use of a user interface and the transfer of the results.
  • Remote node operation: Becoming less and less common, remote node operation is another description for modem dial-up access. Through a remote server, a remote client is provided access to other network resources and, in some cases, the Internet.
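The RDP brute-force risk named above is something a defender can watch for in Windows Security event exports. The detection logic below is an added example, not part of the original page; it assumes a constructed five-field export (timestamp, Event ID, Logon Type, target user, source IP) rather than the native Windows XML, and the sample lines are constructed.

```python
"""Flag sources generating bursts of failed Remote Desktop logons.

Added example; assumes a constructed comma-separated export with the fields
timestamp, EventID, LogonType, TargetUserName, IpAddress. Event ID 4625 is a
failed logon and Logon Type 10 (RemoteInteractive) is an interactive RDP session.
Caveat: when Network Level Authentication is enabled, failed RDP attempts are
commonly recorded with Logon Type 3 instead, so a production rule would widen
the filter accordingly.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export, not real telemetry.
SAMPLE_LOG = """\
2024-05-01T09:00:01,4625,10,alice,198.51.100.23
2024-05-01T09:00:03,4625,10,admin,198.51.100.23
2024-05-01T09:00:05,4625,10,backup,198.51.100.23
2024-05-01T09:00:07,4625,10,svc_sql,198.51.100.23
2024-05-01T09:00:09,4625,10,guest,198.51.100.23
2024-05-01T09:00:11,4625,10,root,198.51.100.23
2024-05-01T09:00:12,4625,10,bob,203.0.113.9
2024-05-01T09:00:40,4624,10,bob,203.0.113.9
2024-05-01T09:00:41,4625,3,svc_backup,198.51.100.77
2024-05-01T09:00:42,4625,3,svc_backup,198.51.100.77
"""


def parse_events(text):
    """Parse the export into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.strip().splitlines():
        fields = line.split(",")
        if len(fields) != 5:
            continue
        ts, event_id, logon_type, user, ip = fields
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return events


def rdp_bruteforce_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted usernames tried} for every source that produced
    at least `threshold` failed RDP logons inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> accounts it attempted
    flagged = {}
    for ev in sorted(parse_events(text), key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue
        ip = ev["ip"]
        recent[ip].append(ev["time"])
        users[ip].add(ev["user"])
        while recent[ip] and ev["time"] - recent[ip][0] > window:
            recent[ip].popleft()
        if len(recent[ip]) >= threshold:
            # many distinct accounts from one source is the password-spraying pattern
            flagged[ip] = sorted(users[ip])
    return flagged


if __name__ == "__main__":
    for ip, accounts in rdp_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(accounts)} accounts targeted: {', '.join(accounts)}")
```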

NOTE There is another version of screen scraping technology that is not necessarily the same as allowing remote access. However, much as the target system serves up a screen scrape to the distant system, some automated data extraction tools perform a similar feature for easier human interaction. In a search engine like Google, the human data requestor is guided to the relevant screen information based on the search inquiry.

Remote Access Security Management

Organizations that allow for remote access are extending their risk beyond the figurative corporate walls. With the expansion of risk come additional security requirements. The private network can be compromised by remote access attacks. Figure 4.16 illustrates some common areas of increased risk of remote access. There are many security controls that can be put in place, and a few of the most important categories of control are as follows:

  • A strong authentication system is required; multifactor authentication is the standard for mitigating credential theft.
  • Limit remote access to only those who need it and who routinely use it.
  • Implement encryption across the transmission link appropriate to remote connectivity needs to include one or more of these examples: VPNs, SSL, TLS, SSH, and IPSec.
  • Understand that a VPN is not a complete security solution. An end user who can authenticate and establish a VPN may be accessing the network with an infected computer or mobile device. As discussed throughout the chapter, endpoint security is also essential. Combinations of security controls are needed to manage and safeguard the remote access workforce.

Remote Authentication Approaches

Because remote access expands the private network beyond the corporate environment, invalidates many of the physical controls in place, and increases information risk for the organization, taking extra precaution with authentication of remote access users is worth exploring further. There are specific remote access protocols and services that an organization will use to strengthen credential management and permissions for remote clients and users. Most likely, the use of a centralized remote access authentication system should be in place. Some examples of remote authentication protocols are Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Extensible Authentication Protocol (EAP, or its extensions PEAP or LEAP), Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+).
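The difference between PAP and CHAP, two of the protocols just listed, is what crosses the link. The following is an added example, not the page's own code; it uses simplified message dicts and a constructed shared secret, and computes the CHAP response as RFC 1994 specifies (MD5 over identifier, secret and challenge).

```python
"""PAP versus CHAP: what a passive observer of the link learns.

Added example, not the page's own code. Messages are simplified dicts and the
CHAP computation follows RFC 1994: MD5 over identifier || shared secret ||
challenge. Both sides must hold the same secret in recoverable form, so the
authenticator's secret store needs protecting as much as the link itself.
"""
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"   # constructed sample, provisioned on both peers out of band


# PAP: the Authenticate-Request carries the credentials themselves, in cleartext.
def pap_request(username, password):
    return {"user": username, "password": password}


def pap_verify(request, credential_store):
    return credential_store.get(request["user"]) == request["password"]


# CHAP: the authenticator issues a fresh random challenge and the peer proves it
# knows the secret by hashing the secret together with that challenge.
def chap_challenge(identifier):
    """Identifier is a single octet (0-255) that ties a response to its challenge."""
    return {"id": identifier, "challenge": os.urandom(16)}


def _chap_digest(identifier, secret, challenge):
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(challenge_msg, secret):
    return {"id": challenge_msg["id"],
            "response": _chap_digest(challenge_msg["id"], secret, challenge_msg["challenge"])}


def chap_verify(challenge_msg, response_msg, secret):
    """Accept only a response to this exact challenge; an identifier mismatch or a
    digest computed over an older challenge (a replay) is rejected."""
    if response_msg["id"] != challenge_msg["id"]:
        return False
    expected = _chap_digest(challenge_msg["id"], secret, challenge_msg["challenge"])
    return hmac.compare_digest(expected, response_msg["response"])


def wire_exposes_secret(message, secret):
    """True if the captured message contains the shared secret verbatim."""
    return any(value == secret for value in message.values())
```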

Centralized Remote Authentication Services

Centralized remote authentication services add an extra layer of protection between the remote access clients and the private, internal network. Remote authentication and authorization services using a centralized server are different and separated from the similar services used for network clients locally. This is important because in the event a remote access server is compromised, the entire network’s authentication and authorization services are unaffected. A few leading examples are RADIUS and TACACS+.

  • RADIUS: Dial-up users pass login credentials to a RADIUS server for authentication. This is similar to the process used by domain clients sending login credentials to a domain controller for authentication, although RADIUS is no longer limited to dial-up users.
  • Diameter: Diameter is essentially the successor to RADIUS. One significant improvement Diameter provides is added reliability.
  • TACACS: This is an alternative to RADIUS. TACACS is available in three versions: original TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS integrates the authentication and authorization processes. XTACACS keeps the authentication, authorization, and accounting processes separate. TACACS+ improves XTACACS by adding two-factor authentication. TACACS+ is the most current and relevant version of this product line.

Virtual Private Network

A VPN is a communication tunnel through an untrusted network and establishes a secure, point-to-point connection with authentication and protected data traffic. Most VPNs use encryption to protect the encapsulated traffic, but encryption is not necessary for the connection to be considered a VPN.

The most common application of VPNs is to establish secure communications through the Internet between two distant networks. There are other examples and uses of VPNs that should be appreciated:

  • Inside a private network for added layers of data protection
  • Between end-user systems connected to an ISP
  • The link between two entire private networks
  • Provide security for legacy applications that rely on risky or vulnerable communication protocols or methodologies, especially when communication is across a network
  • Provide confidentiality and integrity, but not availability, over insecure or untrusted intermediary networks

Tunneling

The concept of tunneling is fundamental to understanding how VPN works. Tunneling is the network communications process that encapsulates a packet of data with another protocol to protect the initial packet. The encapsulation is what creates the logical illusion of a communications tunnel over the untrusted intermediary network, i.e., the traffic is only visible to the systems on either end of the tunnel. At the ends of the tunnel, the initial protocol packet is encapsulated and de-encapsulated to accomplish communication.

A physical world analogy to help illustrate tunneling is the traditional U.S. postal service. A letter is the initial data protocol. The envelope it is mailed with is the tunneling protocol. The transport through the postal distribution system is the untrusted intermediary network. If all goes well, the letter is received by the intended recipient, and no unauthorized personnel viewed the contents.

In situations where bypassing a firewall, gateway, proxy, or other networking device is warranted, tunneling is used. The authorized data is encapsulated, and the transmission is permitted even though access inside the tunnel is restricted. An advantage of tunneling is that traffic control devices cannot block or drop the communications because they cannot interrogate the packet contents. This can be useful in streamlining important content and connections. However, this capability is also a potential security problem, as security devices meant to protect the private network from malicious content cannot scan the packets as they arrive or leave. This is particularly true if tunneling involves encryption. The sensitive data will maintain confidentiality and integrity. However, again, the data is unreadable by networking devices.

Tip Tunneling can be used to create a routable solution with minimal protocols for nonroutable protocols because the nonroutable primary packet is encapsulated by a routing protocol.

The inability of security professionals to monitor the content of traffic within the tunnel is not the only concern with tunneling. There is an increased amount of message overhead when using multiple protocols. Each one probably has its own error detection, error handling, acknowledgment, and session management elements. This adds to complexity and processing time. The tunnel packet is larger in size or length than a normal data packet. This calls for more bandwidth resources that compete with other network resources. Network saturation and bottlenecking can happen quickly. In addition, tunneling is a point-to-point communication mechanism and is not designed to handle broadcast traffic.

How VPNs Work

From understanding tunneling, a better appreciation of how VPN works is possible. A VPN link is possible to connect any network communication connection. This is discussed in the portion of this chapter regarding telecommunications because a VPN can connect a remote access employee client across the Internet to the company private network.

VPNs can also be established over wired cabling connections, wireless connections, a remote access dial-up connection, or a WAN link. The connections are established using in-line VPN devices or appliances added to a network for the purpose of creating and monitoring the VPN tunnels separately from server or client OSs. The logical connection provides services and access much like a direct local connection. The performance differences may be significant because connection speeds may be slower based on constraints of the intermediary network. The protections provided by VPNs are only effective within the tunnel, so when the VPN connects two separate networks, internal network security policies are relevant. Traffic is unprotected within the source network, protected between the border VPN servers, and then unprotected again once it reaches the destination network. The start and end connection points for VPN are on remote access servers or firewalls on the network’s border. The key point is that one network may have lower security requirements than the other. The VPN connection does not necessarily mitigate the variation.

The Proliferation of Tunneling

Normal use of Internet services and corporate networks permits daily use of tunneling that is almost transparent to regular end users. There are many common uses. Many websites resolve the connection over a SSL or TLS connection. That is an example of tunneling. The cleartext web communications are tunneled within an SSL or TLS session. With Internet telephony or VoIP systems, voice communication is being encapsulated inside a VoIP protocol.

VPN links provide a cost-effective and secure pathway through the Internet for the connection of two or more separated networks. This efficiency is measured against the higher costs of creating direct or leased point-to-point solutions. Additionally, the VPN links can be connected across multiple ISPs.

Common VPN Protocols

VPNs can be implemented using software or hardware solutions. In either case, there are variations and combinations based on how the tunnel is implemented. There are four common VPN protocols that provide a foundational view of how VPNs are built:

  • PPTP: Data link layer (layer 2) use on IP networks
  • L2TP: Data link layer (layer 2) use on any LAN protocol
  • IPSec: Network layer (layer 3) use on IP networks

NOTE SSL/TLS can also be used as a VPN protocol, not just as a session encryption tool operating on top of TCP.

Point-to-Point Tunneling Protocol (PPTP)

This was developed from the dial-up protocol called Point-to-Point Protocol (PPP). It encapsulates traffic at the data link layer (layer 2) of the OSI model and is used on IP networks. It encapsulates the PPP packets and creates a point-to-point tunnel connecting two separate systems. PPTP protects the authentication traffic using the same authentication protocols supported by PPP:

  • Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  • CHAP
  • PAP
  • EAP
  • Shiva Password Authentication Protocol (SPAP)

Tip Microsoft used proprietary modifications to develop Microsoft Point-to-Point Encryption (MPPE). This protocol should not be confused with the version of PPTP in the RFC 2637 standard.

NOTE Something to be aware of is that session establishment for PPTP is not encrypted. The authentication process shares the IP addresses of sender and receiver in cleartext. The packets may even contain usernames and hashed passwords, any of which could be intercepted by a MitM attack.

Layer 2 Tunneling Protocol

Layer 2 Tunneling Protocol (L2TP) was derived to create a point-to-point tunnel to connect disparate networks. This protocol does not employ encryption, so it does not provide confidentiality or strong authentication. In conjunction with IPSec, those services are possible. IPSec with L2TP is a common security structure. L2TP also supports TACACS+ and RADIUS. A most recent version, L2TPv3, improves upon security features to include improved encapsulation and the ability to use communication technologies like Frame Relay, Ethernet, and ATM, other than simply PPP over an IP network.

IP Security (IPSec) Protocol

IPSec is both a standalone VPN protocol and the security mechanism for L2TP. It is limited to use with IP traffic. However, it is the most common VPN protocol in use today. IPSec has more of the desired security features like secured authentication, and it enables encrypted data transmission. IPSec has two primary components, or functions:

  • Authentication Header (AH): Provides authentication, integrity, and nonrepudiation. The primary purpose of the AH is to confirm the origin source of the packet. Also, it ensures the contents of both the header and the payload have not been altered. In short, the AH provides integrity.
  • Encapsulating Security Payload (ESP): Provides encryption to protect the confidentiality of transmitted data, but it can also perform limited authentication. The ESP provides confidentiality and typically encrypts the payload but not the packet header. Following the IP header is the ESP header, which includes a sequence number. After the ESP header is the payload data and then the integrity check. Padding may be included if necessary.

NOTE ESP actually operates at the network layer (layer 3). It has the added flexibility to operate in transport mode or tunnel mode. In transport mode, the IP packet data is encrypted, but the header of the packet is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to the packet to govern transmission through the tunnel. Each has its own benefits depending on the available network bandwidth and sensitivity of the information.
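To make the AH/ESP and transport/tunnel distinctions concrete, the following is an added example, not the page's own code and not a real IPsec implementation: it shows which fields each mechanism authenticates, which it hides, and what an on-path device can still read. Addresses and the key are constructed, and the cipher is a labelled toy keystream standing in for the negotiated algorithm.

```python
"""What AH and ESP each protect, in transport and tunnel mode.

Added example, not the page's code and not real IPsec: packets are simplified
dicts, the integrity check value (ICV) is HMAC-SHA256, and ESP "encryption" is
a toy keystream (HMAC-SHA256 in counter mode) used only so the layout (SPI,
sequence number, payload, padding, pad length, ICV) stays visible. Real IPsec
negotiates algorithms such as AES-GCM through IKE.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by both tunnel ends


def encode_packet(pkt):
    """Flatten a simplified IP packet {src, dst, payload} to bytes."""
    return f"{pkt['src']}>{pkt['dst']}|".encode() + pkt["payload"]


def decode_packet(raw):
    header, _, payload = raw.partition(b"|")
    src, _, dst = header.decode().partition(">")
    return {"src": src, "dst": dst, "payload": payload}


def _keystream(key, spi, seq, length):
    blocks = (hmac.new(key, struct.pack(">IIQ", spi, seq, n), hashlib.sha256).digest()
              for n in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _xor(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))


def ah_protect(pkt, key, spi, seq):
    """AH: origin authentication and integrity over header and payload; nothing is hidden."""
    icv = hmac.new(key, struct.pack(">II", spi, seq) + encode_packet(pkt), hashlib.sha256).digest()
    return {**pkt, "ah": {"spi": spi, "seq": seq, "icv": icv}}


def ah_verify(pkt, key):
    ah = pkt["ah"]
    expected = hmac.new(key, struct.pack(">II", ah["spi"], ah["seq"]) + encode_packet(pkt),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, ah["icv"])


def esp_protect(pkt, key, spi, seq, mode, gateways=None):
    """ESP: encrypt the payload (transport) or the whole inner packet (tunnel), then
    authenticate ESP header plus ciphertext. `gateways` = (outer_src, outer_dst)."""
    if mode == "transport":
        plaintext, outer_src, outer_dst = pkt["payload"], pkt["src"], pkt["dst"]
    elif mode == "tunnel":
        plaintext = encode_packet(pkt)          # inner header is encrypted as well
        outer_src, outer_dst = gateways         # new outer header names the tunnel endpoints
    else:
        raise ValueError(f"unknown mode {mode!r}")
    pad_len = (-(len(plaintext) + 2)) % 4       # ESP trailer is aligned to 4 bytes
    trailer = bytes(pad_len) + bytes([pad_len, 0])   # padding, pad length, next-header (placeholder 0)
    esp_header = struct.pack(">II", spi, seq)   # SPI and anti-replay sequence number, sent in clear
    ciphertext = _xor(plaintext + trailer, _keystream(key, spi, seq, len(plaintext) + len(trailer)))
    icv = hmac.new(key, esp_header + ciphertext, hashlib.sha256).digest()
    return {"src": outer_src, "dst": outer_dst, "mode": mode, "esp": esp_header + ciphertext + icv}


def esp_open(pkt, key):
    """Verify the ICV before decrypting; return the original packet, or None on failure."""
    blob = pkt["esp"]
    esp_header, body, icv = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, esp_header + body, hashlib.sha256).digest(), icv):
        return None                             # tampered or wrong key: drop, as IPsec does
    spi, seq = struct.unpack(">II", esp_header)
    plain = _xor(body, _keystream(key, spi, seq, len(body)))
    data = plain[:-(plain[-2] + 2)]             # strip padding, pad length and next-header
    if pkt["mode"] == "transport":
        return {"src": pkt["src"], "dst": pkt["dst"], "payload": data}
    return decode_packet(data)


def middlebox_view(pkt):
    """What an on-path firewall or IDS sees without the key: the addresses, and the
    payload only when AH (which does not encrypt) was used."""
    return {"src": pkt["src"], "dst": pkt["dst"], "payload_readable": "payload" in pkt}
```

In transport mode the middlebox still sees the real endpoints; in tunnel mode it sees only the two gateways, which is the "traffic is only visible to the systems on either end of the tunnel" property described under Tunneling.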

Copyright © 2025 Infosavvy Security and IT Management Training | Certification Partner InfoCerts.com
