4.9 – Remote Access - Remote Access

Questions and Answers

An attacker discovers TCP port 3389 is open. What is the most likely implication?

• The system is vulnerable to VNC attacks.
• The system is running a honeypot.
• The system is listening for a Microsoft RDP connection. (correct)
• The system is actively transmitting encrypted data.

Why is SSH considered more secure than Telnet for remote command-line access?

• SSH transmits data in encrypted form, while Telnet sends data in clear text. (correct)
• SSH connections are stateless.
• SSH uses multifactor authentication.
• SSH is less resource-intensive than Telnet.

In a VPN setup, what is the primary function of the VPN concentrator?

• To manage user authentication and authorization.
• To route network traffic between the internal network and the internet.
• To provide firewall services for the corporate network.
• To handle the encryption and decryption of VPN tunnels. (correct)

What is a major security risk associated with the use of remote desktop technologies like RDP and VNC?

They can provide full system control to unauthorized users if compromised. (B)

Why is it important to implement multifactor authentication (MFA) for VPN access?

To add an extra layer of security, reducing the risk of unauthorized access even if the password is compromised. (D)

What is the primary advantage of using Microsoft Remote Assistance (MSRA) or QuickAssist for remote support?

They do not require any firewall configuration or port forwarding. (C)

Why would attackers target the endpoints of a VPN connection rather than attempting to break the VPN's encryption?

All of the above. (D)

What is the main purpose of a Remote Monitoring and Management (RMM) system?

To constantly monitor a client's network and systems for anomalies and provide remote support. (A)

What is a critical security measure to implement when using an RMM system?

Implementing strong authentication and conducting regular audits of user access and activity. (B)

What is the purpose of using a public and private key pair for SSH authentication?

To add an extra layer of security beyond username and password authentication. (B)

A technician connects to a remote Windows computer and needs to access files quickly. Which technology would be MOST suitable?

RDP (B)

An organization wishes to provide secure remote access to its internal network for employees working from home. Which technology would BEST fulfill this requirement?

Virtual Private Network (VPN) (C)

A system administrator needs to remotely manage a Linux server from a Windows computer. Which technology would allow secure command-line access?

Secure Shell (SSH) (A)

A user reports needing immediate assistance with a software issue on their computer. Which of the following technologies would be suitable for providing real-time remote support?

Microsoft Remote Assistance (MSRA) (C)

Why is it crucial to restrict the accounts allowed to log in via SSH and block SSH sessions from untrusted IP addresses?

To enhance security by limiting potential entry points for unauthorized access. (A)

Which of these technologies, if compromised, would give an attacker the HIGHEST level of network access?

RMM (D)

Which protocol relies on RFB (Remote Frame Buffer) for remote desktop communication?

VNC (C)

An organization has a mixed environment of Windows, macOS, and Linux systems. What remote desktop solution would be the MOST versatile choice?

VNC (D)

A company wants to monitor disk space, CPU load, and memory usage on remote systems. Which feature of an RMM (Remote Monitoring and Management) system would BEST address this need?

Checks (C)

Why is reusing credentials across different systems considered a security risk when using remote access technologies?

It makes it easier for attackers to gain access to multiple systems if one set of credentials is compromised. (B)

A user reports that they received an unsolicited invitation for Remote Assistance. What IMMEDIATE action should they take?

Contact their IT support team to verify the legitimacy of the invitation. (C)

What is a key difference between Microsoft Remote Assistance and Microsoft's Quick Assist?

Quick Assist is the newer, streamlined version available in Windows 10 and 11, while Remote Assistance is an older version. (C)

What is the MOST important security consideration when choosing a third-party remote access tool?

The tool's security measures and reputation for protecting user data. (D)

An attacker gains access to encrypted data transmitted through a VPN. What would they need to decrypt the data?

The encryption keys used by the VPN concentrator and client. (A)

What is the best way to share an invitation from Microsoft Remote Assistance?

Sharing it over the phone using a verbal code (D)

What type of technology are Dropbox, Box.com, and Google Drive?

Cloud-based file transfer tools (A)

What is an advantage of using cloud-based file transfer tools such as Dropbox or Google Drive in an organization?

They make it easier to share files among people in the organization. (A)

What is the purpose of Citrix Endpoint Management and ManageEngine Desktop Central?

They manage end-user devices and operating systems. (A)

What is one way to identify a system that is listening for an RDP connection?

Check if TCP port 3389 is open. (C)

Flashcards

Remote Desktop Connections

Ability to view and control a desktop across a network.

Remote Desktop Protocol (RDP)

Microsoft's protocol for remote desktop connections to Windows devices.

Virtual Network Computing (VNC)

A remote access technology similar to RDP, often used on macOS and Linux.

Remote Frame Buffer (RFB)

Protocol used by VNC to communicate with a remote desktop.

TCP Port 3389

A TCP port that, if open, indicates a system is listening for an RDP connection.

Virtual Private Network (VPN)

A network security system creating encrypted connections over a public network.

VPN Concentrator

Central device that manages the encryption and decryption of VPN tunnels.

Multi-Factor Authentication (MFA)

An authentication method requiring multiple verification factors.

SSH

Secure Shell. Encrypted protocol for command-line interface access to remote devices.

Public and Private Key Pair (SSH)

A key pair for authentication, enhancing SSH session security.

Managed Service Provider (MSP)

Constant monitoring of a network by a third-party provider.

Remote Monitoring and Management (RMM)

Remote monitoring and management; MSPs use this to manage client networks.

Microsoft Remote Assistance (MSRA)

A Microsoft tool for on-demand remote assistance.

QuickAssist

Newer version of MSRA that provides on-demand remote assistance, included with Windows 10/11.

Study Notes

• Methods exist to view and control a desktop across a network

Remote Desktop Connections

• Different connection types are available depending on the operating system

Remote Desktop Protocol (RDP)

• Microsoft's protocol is used for connecting to Windows devices
• Clients are available for macOS and Linux

Virtual Network Computing (VNC)

• Used for macOS and Linux, similar to RDP
• Uses Remote Frame Buffer (RFB) protocol for communication
• VNC clients are available for many OSs, including Windows, and are often open source

Security Concerns

• Poorly implemented RDP can allow unauthorized access
• Open TCP port 3389 indicates a system is listening for an RDP connection
• Attackers may attempt to connect and try different passwords
• Similar security concerns apply to VNC and other third-party remote desktop systems
• Reusing credentials across systems is a common vulnerability
• Gaining remote desktop access can give full system control

Virtual Private Network (VPN)

• Many use VPN technology
• Users connect to a central concentrator for encryption and decryption of VPN tunnels
• Concentrators can be standalone devices or integrated into firewalls
• VPN concentrators can be built using Linux and specialized hardware

VPN Client Software

• Installed on user machines
• Can be configured for on-demand or always-on access

VPN Implementation

• Corporate network is protected by a firewall
• VPN software creates an encrypted link between a device (e.g., laptop at a coffee shop) and the VPN concentrator
• Concentrator decrypts incoming data and sends it to the corporate network
• Outgoing information is encrypted by the concentrator and sent back to the device
• VPNs use strong encryption

VPN Security

• Attackers target endpoints to gain access to the VPN network due to strong encryption
• Secure usernames and passwords are vital
• Multi-factor authentication (MFA) adds extra security

Secure Shell (SSH)

• SSH is an encrypted protocol used by server administrators to administer servers across a network
• Used for secure command-line communication on remote devices
• Similar to Telnet, but uses encryption

SSH Security

• Gaining access to SSH data is not useful because the data is encrypted
• Attackers target the server or an existing client
• Public and private key pairs can be used for additional authentication
• SSH services should be configured to allow logins from specific accounts only
• Firewalls can block SSH sessions from untrusted IP addresses

Managed Service Provider (MSP)

• MSPs monitor networks remotely
• Remote Monitoring and Management (RMM) allows patching, device login, anomaly monitoring, and hardware/software inventory
• Attackers seek access to RMM systems
• Strong authentication controls and ongoing audits are needed for RMM security

Microsoft Remote Assistance (MSRA)

• Provides on-demand remote access, similar to remote desktop services
• Does not require firewall configuration or port forwarding

MSRA Process

• User needing help starts MSRA and invites a trusted helper, the user can save the invitation as a file, send it via email, or use Easy Connect
• The helper receives the invitation and connects using their version of MSRA

Quick Assist

• Newer version of MSRA in Windows 10 and 11
• Streamlines the MSRA process with same end result

MSRA/QuickAssist Benefits

• No constantly running service
• No need to configure port forwarding or firewall rules

MSRA/QuickAssist Caveats

• Sending invitations via email is not secure
• Users may be tricked into granting attackers remote access
• Third-party tools like GoToMyPC or TeamViewer are alternatives

Other Remote Access Tools

• Video conferencing: Zoom, Webex
• Cloud-based file transfer: Dropbox, Box.com, Google Drive
• Desktop management software: Citrix Endpoint Management, ManageEngine Desktop Central