4.9 – Remote Access - Remote Access

Questions and Answers

Which protocol is commonly associated with remote desktop connections to Windows devices?

• RDP (Remote Desktop Protocol) (correct)
• VNC (Virtual Network Computing)
• SSH (Secure Shell)
• RFB (Remote Frame Buffer)

What is a primary security risk associated with leaving TCP port 3389 open on a device?

• It allows unauthorized users to gain physical access to the device.
• It automatically grants administrative privileges to any network user.
• It disables the device's firewall, making it vulnerable to all attacks.
• It exposes the device to brute-force password attacks via RDP. (correct)

What is a common security vulnerability associated with the use of VNC and other third-party remote desktop systems?

• Users commonly reuse credentials across multiple systems. (correct)
• They often lack any form of authentication.
• The encryption used is weak and easily bypassed.
• These systems are inherently immune to man-in-the-middle attacks.

What is the primary function of a VPN concentrator in a VPN setup?

To manage the encryption and decryption of VPN tunnels. (B)

Why do attackers often target VPN endpoints instead of trying to break the VPN encryption?

Attackers can gain access to the VPN network by compromising the endpoints. (D)

What is Multi-Factor Authentication (MFA) and why is it useful in the context of remote access?

A security measure that requires multiple forms of authentication. (A)

How does SSH (Secure Shell) provide secure communication for remote server administration?

By encrypting all data transmitted across the network. (A)

What is the purpose of using public and private key pairs for SSH authentication?

To provide an additional layer of authentication beyond usernames and passwords. (B)

Why is it important to restrict SSH access to specific user accounts and trusted IP addresses?

To prevent unauthorized access and limit the attack surface of the server. (C)

What is the primary function of a Managed Service Provider (MSP) in relation to remote monitoring and management (RMM)?

To continuously monitor a client's network and systems remotely. (A)

What types of actions can an MSP typically perform through a Remote Monitoring and Management (RMM) system?

Patch operating systems and monitor for system anomalies. (C)

Why is securing an RMM (Remote Monitoring and Management) system critical?

Because it provides a potential entry point for attackers into customer networks. (C)

What is a key difference between Microsoft Remote Assistance (MSRA) and a constantly running remote desktop service?

MSRA provides access on demand, rather than being always on. (A)

What is an advantage of using Microsoft Remote Assistance (MSRA) or QuickAssist in terms of security?

No service is constantly running in the background, reducing the attack surface. (B)

What is a safer method for sharing a Microsoft Remote Assistance invitation than sending it via email?

Communicating the invitation over the phone. (D)

What is a potential risk associated with the ease of use of tools like MSRA or QuickAssist?

Users might be tricked into granting remote access to attackers. (B)

Besides MSRA or QuickAssist, what are some third-party tools that provide similar remote access functionality?

GoToMyPC and TeamViewer. (C)

What is the primary function of tools like Zoom and Webex?

Video conferencing. (D)

What is the primary purpose of cloud-based file transfer tools like Dropbox and Google Drive?

To share files among people in an organization. (D)

What is the main role of software like Citrix Endpoint Management and ManageEngine Desktop Central?

To manage and monitor end-user devices and operating systems. (C)

Which of the following is NOT a typical function of Remote Monitoring and Management (RMM) software?

Physically upgrading hardware components on-site (C)

When configuring SSH, which of the following practices would enhance security?

Restricting login access to specific accounts (C)

Which of the following scenarios benefits MOST from using a VPN?

Accessing a company's internal network from a public Wi-Fi (B)

An attacker gains unauthorized access to a system via a compromised RDP connection. What actions could they potentially perform?

Gain full control of the system and use it to access other systems (D)

A company uses a VPN with MFA. What is the MOST likely reason they implemented MFA?

To add an extra layer of security to prevent unauthorized access (C)

An organization discovers that their MSP's RMM system has been compromised. What is the MOST immediate risk to the organization?

Unauthorized access to multiple systems on their network (B)

A user receives an unsolicited invitation to connect via QuickAssist. What should their FIRST course of action be?

Contact their IT department to verify the legitimacy of the request (A)

Which of the following is a key benefit of using Microsoft Remote Assistance or QuickAssist over a constantly running remote desktop service from a security perspective?

There is no service constantly running in the background, reducing the attack surface (C)

Given the risks associated with various remote access technologies, what is the MOST important overarching security principle to implement?

Implement strong authentication mechanisms and regularly audit access (B)

Flashcards

Remote Desktop Connection

Ability to view and control a desktop over a network.

Remote Desktop Protocol (RDP)

Microsoft's protocol for remote desktop connections to Windows devices.

Virtual Network Computing (VNC)

A remote access technology similar to RDP, commonly used on Mac OS and Linux.

Remote Frame Buffer (RFB) protocol

The protocol used by VNC for remote desktop communication.

TCP Port 3389

A TCP port commonly used for RDP connections.

Virtual Private Network (VPN)

Creates an encrypted connection to a private network.

VPN Concentrator

A device that handles the encryption and decryption of VPN tunnels.

Multi-Factor Authentication (MFA)

Adding a username, password, and a code from your phone -- increases security.

Secure Shell (SSH)

A protocol for secure command-line communication with remote devices.

Remote Monitoring and Management (RMM)

Constant monitoring of a network from a remote location.

Microsoft Remote Assistance (MSRA)

A way to provide remote assistance on demand.

QuickAssist

The newer version of Microsoft Remote Assistance, available in Windows 10 and 11.

Study Notes

• Remote desktop connections enable viewing and controlling a desktop across a network.

Remote Desktop Protocol (RDP)

• Microsoft's RDP is commonly used for connecting to Windows devices, but clients are available for other OS like Mac OS and Linux.
• Open TCP port 3389 indicates a system is listening for an RDP connection, making it a target for attackers.

Virtual Network Computing (VNC)

• VNC is another technology that is similar to RDP for Mac OS and Linux.
• VNC uses RFB (Remote Frame Buffer) protocol for remote desktop communication.
• Clients for VNC are available on many operating systems (including Windows) and are often open source.
• Security concerns with VNC and third-party remote desktop systems arise from reliance on usernames and passwords.

Virtual Private Network (VPN)

• VPN creates an encrypted link between a device and a central concentrator, commonly used for remote work.
• A VPN concentrator handles encryption and decryption of VPN tunnels and can be a standalone device or integrated into a firewall.
• VPN client software can be configured for on-demand or always-on access.
• VPNs use strong encryption, attackers focus on endpoints to gain access to the network.
• Multi-factor authentication (MFA) adds security via a code from a phone, alongside username/password.

Secure Shell (SSH)

• SSH is used by server administrators to remotely administer servers over network.
• SSH is an encrypted protocol for secure command-line communication.
• SSH encrypts data, attackers can't understand the packets.
• SSH allows the use of public/private key pairs for authentication, adding a layer of security.
• SSH can be configured to control which accounts and IP addresses can log in.

Remote Monitoring and Management (RMM)

• Managed service providers (MSPs) use RMM for constant network monitoring of customer network and remote devices.
• RMM enables patching OSs, logging into customer's devices, monitoring anomalies, and providing hardware/software inventory.
• Strict security controls, authentication, and ongoing audits are crucial for RMM due to access it grants to customer networks.

Microsoft Remote Assistance (MSRA)

• Microsoft Remote Assistance (MSRA) offers on-demand remote access and does not need firewall configuration or port forwarding.
• The user needing help initiates MSRA and sends an invitation file to the technician.
• The technician opens the invitation to connect.

QuickAssist

• QuickAssist is a newer version of MSRA available in Windows 10 and 11 that streamlines the remote assistance process.
• MSRA/QuickAssist do not run constantly in the background eliminating unauthorized access risks.
• Sharing the code via phone call is more secure.

Third Party Tools

• GoToMyPC and TeamViewer offer remote control functionality.
• Zoom and Webex are used for video conferencing.
• Dropbox, Box.com, and Google Drive are cloud-based file transfer tools.
• Citrix Endpoint Management and ManageEngine Desktop Central are used for managing end-user devices.