Security Basics mailing list archives

Re: Remote Web Workplace security


From: "ROB DIXON" <rdixon () workforcewv org>
Date: Thu, 09 Mar 2006 14:52:05 -0500

Thanks Paul,

I understand completely. This has been a topic of discussion with my organization.
How do we secure remote PCs that VPN to our network? Providing an up-to-date, fully patched system with the latest virus dats still doesn't cover the issues of a compromised system connecting. Or, as you have stated, "if someone makes off with the credentials of the connecting party, or if the connecting party is no longer in control of their machine".

Thanks for the explanation!!

Robert L. Dixon,  CSO
CHFI A+
State of West Virginia's 
West Virginia Office of Technology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225 
Email:rdixon () workforcewv org
"Paul Halliday" <paul.halliday () gmail com>  >>>
My reasoning is that the semantics of the connection method are not as
important as the trust relationship between the connecting host and
the workplace. The pipe to your workplace (regardless of the method
that you use to secure it) is not the weakest link; the connecting
party is. From a due diligence perspective it only makes sense to use
a VPN to connect to your workplace. However, this does not eliminate
the more common threat, which would be a compromised host establishing
the connection.

If I rolled something like this out, my last concern would be someone
trying to attack the tunnel itself; this is why we have IDS/IPS. But
if someone makes off with the credentials of the connecting party, or
if the connecting party is no longer in control of their machine, we
have no way to detect or prevent it. Unless you can ensure a trust
relationship between the VPN and all machines that will ever connect
to it, worrying about the details of the connection method is the
least of your worries.

On 3/7/06, ROB DIXON <RDIXON () workforcewv org> wrote:
Hi David,

Without of course illustrating an attack, could you explain your comment regarding "I would fire a keylogger onto your machine far quicker than attempting to MITM your rdp session."?
In other words, which connection method are you stating is more vulnerable to which attack?

Thanks



Robert L. Dixon,  CSO
CHFI A+
State of West Virginia's
West Virginia Office of Technology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225
Email:rdixon () workforcewv org
"Paul Halliday" <paul.halliday () gmail com>  >>>
On 3 Mar 2006 02:09:31 -0000, davidj () comparto com au
<davidj () comparto com au> wrote:

My fellow Sys Admin has been pushing the 'Remote Web Workplace' as the remote connection option to our clients. Where I prefer the Remote Desktop through VPN whenever possible.

I understand the straight Remote Desktop has RC4 security which is rather weak. I don't believe this has been improved when using the 'Remote Web Workplace' method? Am I wrong?

I want to make it policy that Remote Desktop connections via a VPN must always be used before the 'Remote Web Workplace', whenever possible.
Am I being paranoid?

Yes you are. I would fire a keylogger onto your machine far quicker
than attempting to MITM your rdp session.


Thanks

Dave J
