Remote Access Part 1


Time
4 hours 25 minutes
Difficulty
Intermediate
Video Transcription
Hi, and welcome to Lesson 2.2.5. In this lesson, we're going to talk about remote access. This is going to be the last lesson we have on our perimeter layer controls, and after this, we'll get more into network layer controls. But when we talk about remote access, we're essentially just talking about how we want to allow remote users access to internal resources. It could be because we have a remote workforce that needs to gain access to our corporate environment to do their work every day; it could be because we have a traveling workforce that goes from hotel to hotel and needs to get access. But either way, we're just talking about giving remote people access to that internal environment.

When we talk about that, one of the first things we need to discuss is what device we want to allow to connect to our internal environment. Do we want to restrict access only to controlled devices, devices that we have full control over, or do we want to make it a little more convenient and let people access it from some personal devices? We're going to talk a little bit about virtual private networks, or VPNs, what they are, and how we can use them whenever we're giving people remote access to the environment. We'll talk a little bit about multi-factor authentication, because passwords alone are not very secure. We're going to talk a little bit about how we can add some additional factors to make it more difficult to break into the environment, which is especially important when we're talking about a remote access situation. Then finally, we'll talk about mobile device management. If we do choose to give the remote workforce access to our internal environment on mobile devices like smartphones, how can we manage that access?

Let's start with approved devices. One of the first things you have to discuss internally is what's going to be the best balance between risk and reward in determining which devices you're going to allow to access your environment. We could go with the left side of the screen, if we only allow people to access the environment remotely using a controlled computer. You come into the organization on Day 1, you're issued a laptop, it's a company laptop that has all of the security controls in place, all of the monitoring in place, and it's locked down. You can't make any changes to it. Well, that's much more secure than letting someone use a personal device, but the convenience is a lot less for end-users. If you've got users who are traveling around, maybe they now have to take two computers with them. They have to take one while they're on the network doing their job, and then after work hours, while they're still stuck in the hotel, they want to browse the web or do something else. They might have to take a whole separate device, their own personal device, so the convenience level is a little lower.

On the flip side, if we allow people to use personal devices, I'm calling the control factor on this one medium, because if we allow someone to use their personal device to connect to the internal network, there are things that we can do. We can make restrictions and say, well, you can only connect to resources in this one controlled application on your personal device. There is some control that we have there. But at the end of the day, we don't own those devices, so we can't set all of the policies, we can't force people to run all of the different software we need to run. There are a whole lot of different things that are just outside of our control, but the convenience level is very high, because people can do their personal work and their work on the same device. There's no right or wrong answer here. Really, it's all about making a determination over what type of things people are going to access, how big the risk is, and how much convenience you want to give end-users. Every organization is going to be a little bit different, and it's up to you to decide what's the best balance for your organization.

Let's talk a little bit about VPNs, or virtual private networks. When we talk about VPNs, all a VPN is, is a tunnel, if you will. It's a way to transmit data that's secure. If we've got a device out there on the left-hand side and it needs to go over the Internet, we've got a remote worker who needs to connect over the Internet to our corporate environment on the right, well, we all know there's a lot of bad stuff out there on the Internet. All a VPN does is establish a secure tunnel that then allows the traffic to pass through. Nothing from the outside can see inside this tunnel. That's all a VPN is, a virtual private network. It's an extension of your internal network out there in the wild somewhere.

There are a few different types of VPNs. Some of the VPN protocols we'll discuss here will be PPTP, which is Point-to-Point Tunneling Protocol; L2TP, which is Layer 2 Tunneling Protocol; and SSTP, which is Secure Socket Tunneling Protocol. There are a couple of others, but these are the main three we're going to discuss here, and we'll tell you how each one of these works, and then you can make a determination of whichever one is right for your environment.

Let's start with PPTP. Point-to-Point Tunneling Protocol is the original VPN protocol that was established back in the '90s, when it was first determined that there was a need to actually encapsulate data over some secure transmission mechanism for this remote access type of situation. It's not very secure; it's the least secure method of VPN now. It was fine when it was created, but it's not very secure according to today's standards. We'll talk about why in a second.

One of the things about PPTP that's unique is both sides use the same key. VPNs are just another mechanism of encryption. We talked about encryption a few modules ago. Now we're talking about it in the form of a virtual private network, but it's the same basic principles behind it. When we talk about keys, keys are used to encrypt and decrypt traffic. In the case of PPTP, both sides have the same key. How does that work? Let's say we've got an endpoint over there on the left; let's say that's an external computer that needs to communicate with some system, an internal system there on the right. But with PPTP, it's a tunneling protocol, so there's going to be some gateway mechanism that needs to be placed between those two devices. The Point-to-Point Tunneling Protocol actually terminates on gateway devices and not necessarily on the endpoints that are communicating with each other. The way that works is you would have some gateway device at the perimeter, and then you'd have another gateway device, either in the form of software or a piece of hardware, at the end-user's house or at the hotel with the end-user. Those two gateways have the same key configured in them. When you think about a key, just think about it like a password, just a long string of characters that has to be configured, hard-coded, on both sides, and it has to be identical. What happens is, when a tunnel needs to get established, the gateways actually communicate with one another and they say, "Hey, I want to establish a tunnel." The other one says, "Okay, let's use our keys." They use their keys, and then a tunnel is established. Once that tunnel is established, then the endpoint can transmit over that tunnel. Now, what's happening is the endpoint is actually transmitting to the gateway in just clear text, if it's a clear text protocol, it's just regular raw traffic, and then the tunnel at the gateway is encapsulating that inside the tunnel, if you will. It's getting tunneled across to the other gateway on the other side; that gateway is decapsulating it, or stripping the tunneling information off, and then allowing the raw traffic to pass back to that destination device.

In the case of L2TP, which is Layer 2 Tunneling Protocol, it's going to be a little bit more secure than PPTP, because it doesn't use the same key on each side. Well, let me go back to this. Actually, I want to talk about why that's not secure. If you think about PPTP, it's convenient because you just have to have one key that you need to remember. But the problem is, with the gateways on each side, that key is going to live in two different places. That's two places that that key could potentially be compromised, in two physical places. On top of that, the administrators that configure those keys in the system, human beings, need to know what those keys are, so they have to configure those keys in the system. Now you've got the keys in two different places, and you've got human beings on both sides that know the keys. The more people that know the secrets, the more likely it is that the secret gets compromised, and all an attacker has to do is know what the key is and they can decrypt anything going across that VPN tunnel.

With L2TP, you're going to have slower speeds because you're not using the same key on each side. With PPTP, the keys are already known, the tunnel can be negotiated, and that's the end of it. There's an extra step with L2TP, because there's a key negotiation that takes place between the two gateways before the tunnel is created; it's just an additional step before the actual tunnel gets created. That tunnel is built on the IPsec model, and there are a few different mechanisms for key negotiation in IPsec; we can use public key encryption, the PKI infrastructure like we've talked about during the encryption session, where each side has two keys. There's a public key and a private key. The private key is used to unlock data that was encrypted with the public key, and vice versa. It can use that model, or IPsec can just use a list of keys and can negotiate between them. But the thing to remember is there is a key negotiation step. It's not just hard-coded, configured on each side with the same key.

How does this look? With L2TP, we've got the same setup. We've got an end-user on the left trying to connect to a system internally on the right. There are still gateways between the two, because this is still a tunneling protocol, and the gateways themselves are going to establish the tunnel. In this case, we have this two-way communication between the two gateways, and they negotiate which set of keys they're going to use. Once they negotiate that both sides have the keys, at that point the tunnel can be created. Again, that negotiation can be in the form of the public key, the PKI infrastructure. It could be in the form of a list of keys that each one has, and they just pick and choose which ones. It can be in several different forms, but it's not predetermined which one is going to be used for each session or each tunnel. Once the key negotiation happens, the tunnel is established, and the communication works exactly like it does with PPTP, where the raw data is sent to the gateway. The gateway encapsulates it inside a tunnel, goes across, the other gateway decapsulates it, and sends the raw data to the endpoint.