Remote access
Dial-up modem to a remote access server
Over the Internet through a VPN
Connecting to a terminal server system through a thin client connection
Office-located PC accessed using remote desktop
Using a cloud-based desktop
Users should be stringently authenticated before access is granted
Allow remote access only for users with a specific need for it
Plan Remote Access Security
Remote Connectivity Technology
o Each connection type has its own security issues
Transmission Protection
o Use the appropriate combination of secured and encrypted services
Authentication Protection
o Logon credentials need to be properly secured: PAP, CHAP, EAP, PEAP, or LEAP; RADIUS or TACACS+
Remote User Assistance
o Must have a means established to provide user assistance
Dial-up protocols
Point-to-Point Protocol (PPP) - full-duplex protocol used for transmitting TCP/IP packets over async serial connections
Serial Line Internet Protocol (SLIP) - older tech that supports TCP/IP as above - rarely used
Centralized Remote Authentication Services
RADIUS - Remote Authentication Dial-In User Service - centralized authentication of remote dial-up - operates on several ports: UDP 1812 and TCP 2083