Secure Remote Access

About This Presentation

Title:

Description:

Number of Views:1054

Avg rating:3.0/5.0

Slides: 12

Provided by: mike351

Category:

more less

Transcript and Presenter's Notes

Title: Secure Remote Access

1
Secure Remote Access
For telecommuters and roaming users

2
Secure Remote Access Requirements

3
Authentication

Authentication is needed to
Prevent unauthorised access to the laptop
Prevent unauthorised access to your network
The Authentication Scheme needs to
Be easy and seamless to the user
Use multiple factors to prevent capture and
replay of credentials (e.g. key-logging of
passwords)
Prevent man-in-the-middle attacks
Rainbow iKey cryptographic tokens

4
Physical Security

Laptops contain your agencys information
Try and keep as little information on the laptop
as possible - Dont use a laptop as a mass
file-store
Make it difficult to obtain information even with
physical access to the laptop Boot time
authentication
Media could be removed and read from elsewhere
Disk Encryption
Procedures Citrix WinMagic Rainbow Crypto
Tokens

5
Disk Encryption Implementation Choices

Disk vs File Encryption
File Encryption
Choose a file, decrypt, use, encrypt, secure
erase unencrypted file
Disk Encryption
Encrypts and decrypts all files (including
temporary files) on the fly. This process is
extremely transparent to the end user.

Issues for pooled resources
If laptop L is encrypted with user As key then
users B,C,D cannot use the laptop.
Use a device access key rather than a user
authentication key

Master Keys
If a user loses their key, or is not present can
IT Support read the disk?
Encrypt the disk encryption key using the users
key and a key owned by IT Support staff

6
Network Security

Your Agencys information travels over the
Internet.
Make sure that nobody can watch it go past
Prevent unauthorised access to your information
resources.
Packet sniffing Session encryption e.g. IPSEC
or SSL
Man-in-the-middle
Authenticate both the Server and the client!
Capture-and-replay Network Attack Prevention
Protect the client system
Disable unneeded services
Use a personal firewall to only allow access from
applications that should be using the
network/internet
Agency owned systems versus staff owned (or
internet café) systems
Filter traffic from the client to your network
it should only be trying to access expected
services!
E.g. CodeRed, MSBlaster, SQLSlammer!
Cisco VPN Client Rainbow Crypto Token
ZoneAlarm

7
Malware Prevention

Personal Firewall
Use a personal firewall that authenticates which
applications connect to the internet or your
network this prevents rogue software from
spreading over the network
Anti-virus
Prevents detected Malicious Software from
executing on the laptop
Does it update automagically?
System Resources
Multiple instances of security software for disk
encryption, network encryption, authentication,
firewall, anti-virus... Is this a DoS attack in
itself?
ZoneAlarm McAfee WinMagic Cisco VPN ..
RAM

8
Management and Support

9
Ease of Use and End-User Awareness

10
New Days and Other Ways?

PDAs, SmartPhones
Key-based computing http//key-computing.com/exhan
ge_edition.asp
Xkey addresses the challenges traditionally
associated with work from non-company-issued
computers. Information on Xkey is encrypted
(128-bit AES) in case the device is lost or
stolen. All communications to and from the
Exchange server are encrypted (128-bit SSL).
Keystroke recorders are neutralized.
Unintentional traces of work are wiped clean.
Certificates (X.509) can be stored on Xkey and
used for 2-factor authentication.
Bootable CDs
Virtualisation