Vulnerabilities inherent in remote access solutions are mostly related to the ability to sniff passwords and data off the wire, perform man-in-the-middle attacks, and spoof user identities. These vulnerabilities are addressed by increasingly sophisticated authentication mechanisms, which use certificate-based or Challenge-Response technology, rather than requiring plain text or encrypted transmission of authentication data through the use of increasingly complex ciphers.
Other issues include a Trojan Horse on a remote machine. In this instance you have created a secure tunnel for the intrusion!165
There are also occasional implementation vulnerabilities in the code for devices and software that implement remote access, due to programmer error. These vulnerabilities are often exploited to cause a Denial of Service, by crashing the client or server. As with all other functionality implemented on computer systems, new bugs are being discovered in communication software all the time. Somewhat complicating things is that some communication code is produced as open source and often finds its way into multiple vendors implementations of a particular standard protocol. This means that an implementation flaw in a protocol that is used by numerous manufacturers can affect numerous devices sold by numerous vendors.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.