Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

1/30/2012
11:04 PM
50%
50%

Cloud Means More Secure Remote Access

Connecting hosts running remote-access services directly to the Internet is so last decade. Instead, companies look to move to cloud-enabled services or virtual desktop infrastructure.

Remote-access software such as Symantec's pcAnywhere have been a popular option for companies and individuals that want to connect to their work computer from outside the office, or support organizations that want to allow remote maintenance.

Yet, the recent revelation that a hacking group gained access to the source code for pcAnywhere and subsequent warnings about vulnerabilities in the product has underscored that traditional remote access tools carry risks. A Symantec white paper listing a number of steps -- including not connecting the software directly to the Internet -- to reduce the attack surface of the product added emphasis to security concerns regarding remote-access software.

"Any software that is exposed to the Internet is at high risk, anyone can find out that you are running it," says Chris Wysopal, chief technology officer with Veracode, an application-security testing firm.

The concerns have highlighted some of the security benefits of using cloud infrastructure to boost the security of remote-access services. A cloud infrastructure can, for example, remove the Internet-visible signs that remote-access software is running behind a particular Internet address. Whereas scanning for the default ports used by remote-access software -- ports 5631 and 5632 in the case of pcAnywhere -- can give attackers a list of potentially vulnerable hosts.

"One of the fundamental benefits of cloud is the reduction of the attack surface -- there are no open ports," says Malte Muenke, vice president of engineering and operations for Citrix Online.

Citrix Online runs the popular GoToMyPC.com service, a remote-access service that uses frequently polling to the company's cloud servers as a means to pass data back to a host computer. There are no inbound connections to the host computer; instead, it pulls data down from the cloud. The result is that the attackable parts of the service -- any open ports -- are eliminated and the attack surface is reduced to a centrally managed hub that can be more easily secured and monitored.

"That is where a cloud service is more secure," he says. "You are concentrating all the attacks on one point, but you can secure that point really well."

Remote-access software such as pcAnywhere evolved from a time when each installation was managed separately. For companies that want to allow remote direct connectivity to a computer using pcAnywhere, Symantec issued a white paper with a long list of steps to reduce the attack surface area as much as possible.

Remote access to desktops and data via the cloud also has the benefits of central management. In addition, security policies can be more easily pushed to the endpoints, says Danny Allan, chief technology officer of Desktone, a virtual infrastructure company.

"The benefit of putting the desktop in the data center is that you can consistently apply policy," he says.

Yet, cloud is not a perfect solution. With so much trust be placed on a single cloud provider, companies need to make sure that they conduct the proper due diligence on the company, its infrastructure and security.

"I wouldn't say that any cloud offering is more secure," says Muenke. "So you really need to look at the vendor, see what they are claiming to do and ask if that is somebody that I can trust."

Moreover, the cloud does not solve the problem of insecurities caused by the end users. For example, the service relies on strong user credentials and, in many cases, that boils down to passwords.

"If you don't have strong password, a cloud service can clearly just as well can be at risk," Muenke says. "There is still responsibility on the user side."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MS8699
50%
50%
MS8699,
User Rank: Apprentice
2/10/2012 | 12:08:15 PM
re: Cloud Means More Secure Remote Access
A number of steps including not connecting the software directly to the Internet to reduce the attack surface of the product added emphasis to security concerns regarding remote-access software.
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.