Remote Access Vulnerabilities

 

Background.  We have talked about a variety of ways to gain remote access to systems.  We have also talked about the vulnerabilities of each.  On this page I want to focus on general vulnerabilities common to all remote access implementations.

Eavesdropping.  Listening in on and/or observing other users' traffic.

  • passive attacks - data is observed but not modified
    • sniffing involves observing cleartext messages as they cross a network
    • protocols/approaches that send username and password information in cleartext are the most easily compromised
      • POP3 - Post Office Protocol 3
      • Telnet
      • rlogin

Data Modification.  There are quite a large number of ways that data can be intercepted and modified.

Identity Spoofing.  IP packet headers store information about transmission senders and receivers.  Because of this it is not too difficult to construct packets so that they look like they came from a different sender.

One fairly typical mode of attack is for a hacker to sniff on a public network, such as the Internet.  The hacker looks for packets that come from a source that is trusted by, and so able to get through, a particular firewall.  Once the hacker discovers such a transmission source, they might be able to construct their own packets and send them through this same firewall.

User Vulnerabilities.  Users sometimes write their login information on sticky notes and leave them in places such as on their monitors.  Other users are sometimes careless about allowing others to watch them log onto a system.  Obviously there are other sorts of user vulnerabilities, such as those exploited through social engineering.

It should be obvious to any security professional that these sorts of vulnerabilities need to be eradicated.  One of the best approaches to diminishing such vulnerabilities is through user education.

We have talked about quite a number of other user vulnerabilities in other webpages.

Administrator Vulnerabilities.  One of the most pervasive things that admins fail to do is educate themselves about known vulnerabilities and fixes.  They might also fail to keep up to date with patches.

Almost all vendors, particularly well-known ones, have their own websites where they post information, updates and patches for their products.  Some firms also provide email notifications.  Others also supply automatic updates, though I have some experience with automatic updates actually causing new problems.

One of the things that admins need to do is harden their operating systems.  Hardening an OS means that all unrequired applications, services and protocols are disabled or maybe even completely removed.
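
An added example, not part of the original page: a small hardening audit that ties the Eavesdropping and Administrator Vulnerabilities sections together by flagging listeners for the cleartext protocols named above (Telnet, POP3, rlogin) and any listener outside the set the host actually requires.  It assumes Linux `ss -tlnH` output and the protocols' default ports; the sample output and the required-port set are constructed for illustration.

```python
"""Audit listening TCP sockets for cleartext and unrequired services."""

# Default ports of the cleartext protocols named on this page.
CLEARTEXT_PORTS = {23: "Telnet", 110: "POP3", 513: "rlogin"}

# Constructed sample of `ss -tlnH` output, not taken from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:110 0.0.0.0:*
LISTEN 0 128 [::]:513 [::]:*
LISTEN 0 511 *:8080 *:*
"""

def parse_listeners(ss_output):
    """Return (address, port) pairs from `ss -tlnH` style lines."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is column 4; split on the last colon so "[::]:513" works.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"

def audit(ss_output, required_ports):
    """Return sorted (port, kind, detail) findings for one host."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in CLEARTEXT_PORTS:
            # Cleartext logins are flagged even if someone listed them as required.
            scope = "loopback only" if is_loopback(addr) else "network reachable"
            findings.append((port, "cleartext", f"{CLEARTEXT_PORTS[port]} on {addr} ({scope})"))
        elif port not in required_ports:
            findings.append((port, "unrequired", f"listener on {addr} not in required set"))
    return sorted(findings)

if __name__ == "__main__":
    # required_ports is a hypothetical policy: this host only needs SSH.
    for port, kind, detail in audit(SAMPLE_SS_OUTPUT, required_ports={22}):
        print(f"{port:>5}  {kind:<10}  {detail}")
```

On a real host, feed the function the text produced by `ss -tlnH` and the set of ports the system is documented to need.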