Target Breach Takeaway: Secure Your Remote Access

Yes, attackers could use stolen credentials to get into your systems from a distance. But slamming the door is not the answer.

Lori MacVittie, Principal Technical Evangelist, f5

February 10, 2014

3 Min Read
The percentage of respondents to our <a href="http://reports.informationweek.com/abstract/21/10696/Security/Research:-2013-Strategic-Security-Survey.html"target="new">2013 Strategic Security Survey</a> who say controlling remote access is a problem jumped 11 points year-over-year.

Fallout from the Target breach continues to rack up as more details are revealed. The latest revelations focus on how the attackers gained the access necessary to plant the malware responsible for capturing millions of consumers' sensitive financial information: remote access using stolen credentials.

The consensus on a local radio station show I recently heard was that Target -- and others -- should reconsider whether they should continue to allow remote access. After all, no remote access, no security breach, right?

Let’s not be too hasty. Certainly, it behooves us to review how we support remote access for employees, partners, and contractors alike, to figure out whether, as with the Target breach, miscreants able to obtain the proper credentials could also be authorized access to internal systems and networks.

The real questions every organization that supports remote access should be asking are not around whether such technologies pose a significant security risk. They’re around whether the policies those technologies act on pose a significant security risk.

An audit of your remote access policies is certainly in order. Such audits should be performed at least annually, if not biannually -- and not on an ad hoc basis as a reaction to someone else’s bad luck.

There are three key areas to consider when auditing remote access policies:

1. Set boundaries. Business stakeholders should document exactly which applications and systems are vital to each remote user. A person who needs access to only two or three applications should not be allowed to roam around the network. Limit access to only what is required -- no more, no less. This is one area where you can use the Target example to your advantage, to light a fire under stakeholders.

2. Trust but verify. Evaluate how users are authorized. While login credentials are common, the Target breach shows us they can be compromised. If a username and password are the only means used to verify authenticity of a remote user, disaster awaits. Consider additional means of verifying remote users -- two-factor authentication at minimum.

3. Detect anomalies. Fraud detection has long used device (platform) and location changes as possible indicators of attempted fraudulent access using valid credentials. Investigate the ability of your remote access system to support detection of such anomalies and incorporate that into your authentication and authorization processes. Emerging technologies, such as browser fingerprinting, which aims to uniquely identify a browser from among millions of other browsers, can help identify attempts to fraudulently use valid credentials.

As attackers become more sophisticated, so too must security technology. Incorporating heuristic analysis of user behavior and location is on the cusp of providing better security through more trustworthy means of verifying the authenticity of the user behind the credentials.  

Any service that's made available to the public Internet is going to pose a security risk. The key to avoiding a breach is to ensure that policies driving authorization to those services are able to make decisions in the context that requests are made.

As web-based integration wins, it's dawning on enterprises that they need a more sophisticated API strategy. Find out how to get there. Also in this issue: 3 Techs That Depend On AI. Machine learning and artificial intelligence will be key to building exciting, compelling products and services.

About the Author

Lori MacVittie

Principal Technical Evangelist, f5

Lori MacVittie is the principal technical evangelist for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps. 

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights