Got remote access? Lock it down

Poorly configured remote-access software is to blame for the majority of data breaches by hackers, according to security reports from Verizon and Trustwave

While the theft of source code for Symantec's pcAnywhere has put the remote-access program in the spotlight, the security issues posed by remote management products are not new. In fact, data released over the last year shows that poorly configured remote-access programs routinely account for a significant portion of data breaches and network security incidents.

Remote-access software, for example, led to a stunning 62 percent of breaches studied by security firm Trustwave in its recently released global security report. The company looked at 300 breaches it investigated on behalf of clients and analyzed the results of 2,000 penetration tests. The data matches up with Verizon's annual survey of breach data from its own security practice and investigations by the U.S. Secret Service. The company found that hacking accounted for half of all breaches, and 64 percent of those hacks exploited weaknesses in remote-access software.

"The market problem is much bigger than pcAnywhere," says Joel Bomgar, CEO and founder of enterprise remote-management software maker Bomgar. "That entire category of technology is inherently risk prone. When you have listening ports, someone is going to find a way to brute-force it."

While the trend in computing has been to reduce the overall exposure of potentially vulnerable systems, remote-access software runs counter to those efforts, Bomgar says. Companies are routinely exposing systems inside their network to outside attackers, and frequently the only security is a poorly chosen password.

While pcAnywhere has gotten much of the attention recently, the two top culprits are the virtual network computing (VNC) system, an open source way of remotely managing desktops, and the Remote Desktop Protocol (RDP) developed by Microsoft. Regular port scans performed by Insecure.com, which manages the NMap network mapping utility, catalogs an estimated 83 million systems with open VNC ports and approximately 230 million systems with open RDP ports. Open ports do not indicate vulnerability, but do indicate systems that would attract more attacker attention.

For comparison, a recent Internet scan conducted by vulnerability management firm Rapid7 found that an estimated 7.7 million systems allowed requests on the ports typically used by Symantec's pcAnywhere, but further research found that only 140,000 systems -- about 1.8 percent -- appeared to be responding to pcAnywhere requests, and thus could be attacked. If a similar proportion of VNC and RDP systems were vulnerable, there would be more than 5 million attackable systems.

The lion's share of breached systems were point-of-sale servers in restaurants and other businesses in the hospitality industry, according to Trustwave's report. Those companies typically do not have the technical resources to lock down their systems, and so hire third-party providers, which require remote access. Unfortunately, many of those third-party contractors fail to use strong security to prevent unauthorized attacks.

This story, "Got remote access? Lock it down," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies