2.1.8  Vulnerabilities

Vulnerabilities inherent in remote access solutions are mostly related to the ability to “sniff” passwords and data off the wire, perform man-in-the-middle attacks, and spoof user identities. These vulnerabilities are addressed by increasingly sophisticated authentication mechanisms, which use certificate-based or Challenge-Response technology rather than requiring the authentication data itself to be transmitted, whether in plain text or encrypted with increasingly complex ciphers.
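
The challenge-response idea described above, as an added example that is not part of the original guide: an HMAC-SHA256 exchange in which only a random challenge and a keyed digest cross the wire, and a recorded response fails when replayed. The `Server` class, `client_response`, the user name and the secret are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Verifier side: holds shared secrets and tracks outstanding challenges."""

    def __init__(self, secrets_by_user):
        self._secrets = secrets_by_user   # user -> shared secret (bytes)
        self._pending = {}                # user -> challenge issued, not yet used

    def issue_challenge(self, user):
        nonce = secrets.token_bytes(16)   # fresh and unpredictable per attempt
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # single use: consumed on any attempt
        key = self._secrets.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, user.encode() + b"\x00" + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def client_response(user, secret, nonce):
    """Client side: prove knowledge of the secret without transmitting it."""
    return hmac.new(secret, user.encode() + b"\x00" + nonce, hashlib.sha256).digest()


def demo():
    secret = b"constructed-demo-secret"   # constructed sample value
    server = Server({"alice": secret})
    wire = []                             # everything an eavesdropper could record

    nonce = server.issue_challenge("alice")
    response = client_response("alice", secret, nonce)
    wire += [nonce, response]
    first_login = server.verify("alice", response)

    # The recorded response is bound to the old challenge, so it fails on a new one.
    server.issue_challenge("alice")
    replayed_login = server.verify("alice", response)

    secret_on_wire = any(secret in item for item in wire)
    return first_login, replayed_login, secret_on_wire
```

A captured challenge and response pair still permits offline guessing against a weak secret, so the shared secret should be high entropy.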

Other issues include a Trojan Horse on a remote machine. In this instance you have created a secure tunnel for the intrusion! [165]

IPSec – A secure tunnel for Trojan Horses

Remember that VPNs don’t protect against Trojan Horses. If a Trojan Horse is carried in and allowed access to traffic (such as web browsing, file transfer or email), a VPN won’t stop it.


There are also occasional implementation vulnerabilities in the code for devices and software that implement remote access, due to programmer error. These vulnerabilities are often exploited to cause a Denial of Service, by crashing the client or server. As with all other functionality implemented on computer systems, new bugs are being discovered in communication software all the time. Somewhat complicating things is that some communication code is produced as open source and often finds its way into multiple vendors’ implementations of a particular standard protocol. This means that an implementation flaw in a protocol that is used by numerous manufacturers can affect numerous devices sold by numerous vendors.


 __________________

165. http://www.networkmagazine.com/article/NMG20020603S0004


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.