TFT13 - Nathan McNeill, Securing Remote Support
DESCRIPTION
With thanks to Cherwell Software. Please visit http://bit.ly/tftCherwell for a short 2-minute video. You probably use remote support on your service desk. In fact, you probably use more than one remote support tool... and they're probably not secure. For years now, remote support has been found to be the leading data breach attack pathway. Attackers use simple methods made possible by legacy remote support technologies accessible to the internet. McNeill will discuss how your service desk may be putting your company's data at risk and what you can do to secure remote support. To find out more about TFT, the only 24-hour global virtual ITSM conference, visit www.tomorrowsfuturetoday.com
TRANSCRIPT
Bomgar Product Strategy
Company Overview
200 Fatalities Per Year
Physical Theft: 1% of Breaches in Study
Remote Access: 47% of Breaches in Study
Remote Support (Access)
Service Desk (Process)
Systems Management (Infrastructure)
[Diagram: Support Incident, Incident Resolved; Infrastructure, Process, Access]
Why You Need Access
Not This Kind of Access
Support Rep End-User
A Mobile Environment
VPN
Point-to-Point Tools
Inadequate Controls
2011 Data Breach Investigations Report – Verizon Business RISK Team
The Usual Suspects
2010 Data Breach Investigations Report – Verizon Business Risk Team
2010 Global Security Report – Trustwave SpiderLabs
In approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software. Rather than for internal usage, most of these connections were provisioned to third parties in order to remotely administer systems.
– 2009 Data Breach Investigations Report – Verizon Business Risk Team
[Chart, category labels not recovered: 42%, 34%, 24%, 9%, 21%]
– 2008 Data Breach Investigations Report – Verizon Business Risk Team
“Legacy remote control tools are incapable of supporting increasingly complex environments, and companies must find new ways to provide support services to users.” P2
─ PC Remote Control Security: Risks & Recommendations, Gartner, Apr 2009
Enterprises are Like Opera Houses
Pretty and Polished On-Stage
Backstage Filled with Secret Passages
Translation: You Should Be Afraid
A New Twist
Mobile Device (Remote From / Remote To)
• BlackBerry®
• Windows Mobile (1)
• Android™
• iPad®
• iPhone®
Functionalities
• Screen Sharing
• System Info
• Chat
• File Transfer
• Screen Capture
• Remote Config
(1) Windows Mobile 6.5 and Below
(2) For carriers and device manufacturers. Not available for all businesses
1. Architecture
2. Authentication
3. Access Controls
4. Audit
1. Architecture
“There are three basic forms of PC remote control: client/server (agent-based), Web-based (agentless) and appliance-based (agent not required).” P4
─ PC Remote Control Security: Risks & Recommendations, Gartner, Apr 2009
• LDAP
• RSA/RADIUS
• Kerberos
• Group Policies
• System-Level Permissions
  − Remote Control
  − Unattended Access
  − Command Line
  − File Transfer
  − Script Usage
• Session-Level Permissions
  − Access Elevation
  − Collaboration Settings
  − Team Membership
• Customer-initiated
• Remote Control or View Only
• Restrict Access by Application
• Over-Riding Mouse Control
• Prominent "Stop Session" Button
• Notifications/Permissions for All Rep Actions
Vendor Controls
• Dedicated Silo for Each Partner
• Per-Partner Access & Security Policy
• Integration with Access Directories
• Policy-Based Collaboration with Internal Teams
• Direct or Accompanied Access to Systems
• Ad-Hoc, or Ongoing Access
• Complete Audit Trail of Partner Access
• Detailed Session Logs
  − Session Membership
  − Activity Transcripts
  − File Transfers
  − Survey Responses
• Video Session Recording
  − Screen Sharing
  − Command Line Sessions
• Track Admin Changes Via Syslog
• Integrated with Service Desk / CRM
Real-Time Audit
• Remote Support Is a Current Security Risk
• Remote Support Is Extending to Mobile
• Four ‘A’s Needed for Remote Support Security