Remote Access

From SI410
Revision as of 19:09, 12 April 2021 by Raybart (Talk | contribs)

Jump to: navigation, search

Remote access, also known as remote desktop, is the ability to access a computer or device from any remote location.[1] By installing remote access software, it is possible to gain full control of a secondary device, including running applications and accessing files.

Remote access allows employees to access company data or servers from different locations, but it may also be used as a form of remote administration.[2] Remote desktop programs have also been increasingly implemented for personal use and educational purposes following the COVID-19 pandemic, but their usage has led to heightened security and ethical concerns.

Remote access allows for wireless connection to servers from any location. [3]

Requirements

Remote access software has been adopted at a faster rate since the COVID-19 pandemic as a means of maintaining Center for Disease Control (CDC) social distancing guidelines while still granting employees access to company resources. [4] This has resulted in a wide variety of remote access softwares being created for targeted use, marking a 281% increase in traffic for remote desktop products.[5]

Basic outline for remote access system. [6]

Remote Access Application

To access any device remotely, the correct software must first be downloaded and installed on all of the devices involved in the remote access setup. Remote desktop products are typically available in three models: hosted service, software, and appliance.[7]

Hosted services are rented access to applications/infrastructure components on external service providers. [8] In order to utilize hosted services and access software/data, one must log into remote servers via the Cloud. Hosted services include infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS),etc. Examples of hosted service providers are Amazon Web Services (AWS) and Google Cloud Platform. [9] [10]

In the fourth quarter of 2020, AWS made up 10% of Amazon’s total revenue at $12.7 billion, an increase of $2.75 compared to the quarter before. It represented 52% of Amazon’s total operating income. [11] In comparison, Google Cloud Platform brought in a total of $13.06 billion for all of 2020, a 47% increase over the year before. [12] Both companies are expanding the features of these services moving forward, and Google especially has expressed strong intentions to heavily invest in this sector moving forward.

Hosted software and applications are owned and licensed software applications that are installed and run on an external datacenter, differing from the rented access of software as a service. A user purchases hosted applications and software outright and has full ownership and maintenance of the software application they choose to install and host on external service providers. [13] An example of a hosted application is Wordpress. [14]

Hosted appliances are preconfigured in-house solutions deployed with a user's own virtual cloud solution, in which an office is one's own cloud. Opting for hosted appliances ensures better security within the office in exchange for the scalability and peak management of hosted services. Examples of hosted appliances are Dropbox, IBM Cloud and Oracle Cloud.[15]

Internet Connection

A stable internet connection is needed in order to deploy remote access features. After application installation, the software on the device can be opened and used to remote into the device of a user’s choice. The remote connection should be instant and continuous as long as neither computer is turned off or disconnected from the internet.

Implementation

Business

Remote Workers

Many businesses have taken advantage of the accessibility of remote access software to hire employees that do not live near their office of employment.[16] This has resulted in workers accessing company servers and data across distances and time zones, providing the potential for a more diverse workforce. Remote administration has also been implemented by many businesses as a means of solving IT issues that arise. While previous models required on-site technical support, remote access applications have allowed support staff to access user devices from an external site. This has streamlined the troubleshooting process as it allows for technical support workers to implement shutdown functions, access peripheral networks, and view and modify files and data stored on the user's computer. [17]

Accessibility

One notable development in the accessibility of remote working is the potential for physically handicapped employees to work from home. It is estimated that only 40% of adults aged 25 to 54 in the United States with disabilities have a job. [18] This is due to the barriers posed to people with disabilities in the conventional working environment. The use of remote access software has allowed for handicapped workers that are unable to physically enter a workplace environment to work from the comfort of their home instead. This has led many organizations to espouse optimism on the increased accessibility of working environments for handicapped employees as the conventional workplace moves increasingly online. [19]

Education

Remote access schooling has become commonplace since the start of the COVID-19 pandemic. As of September 2020, students have used remote access software as a means of accessing school computers in order to access homework and educational material provided by the school district. Through remote access, programs that would require the purchasing of licenses, such as video editing, animation, 3D designing, and other educational software have become available to educators and students at any time. [20] [21]

Education is also being facilitated through remote access learning by introducing one on one communication between students and teachers. This type of software has been used by educators to remotely access student devices in order to perform demonstrations for concepts directly to a student's screen.

Personal Use

A diagram to represent the functionality of a VPN

An increasingly popular use of remote access is for Virtual Private Networks (VPNs). VPNs are primarily used by individuals to increase their online safety when using public networks, which can present security threats regarding personal and sensitive information. VPNs serve a similar function to the use of remote access for businesses, but are becoming more commonly used by people for everyday activities online.

VPNs divert a user’s activity through a private, encrypted remote server that creates a “tunnel” to the chosen website destination. An additional layer of privacy is added by only allowing online applications to view the IP address of the remote server rather than that of the user’s personal device. Notably, this prevents Internet Service Providers (ISPs) from being able to see a user’s search history. On top of masking the IP address, most VPN providers do not keep any logs of user activity, further bolstering the anonymity of using a VPN. This is a key difference compared to commercial remote access, which generally logs most or all employee activity for a number of purposes including audits and error checking. [22]

By using a VPN, a user can easily change their IP address to that of another country or region, allowing them to access information exclusive to said region. This is commonly used to view region-locked content on streaming services such as Netflix [23] as well as being an effective way to circumvent government censorship in countries like China. [24]

Associated Risks

Cyber Security

Remote access client devices generally have weaker protection than standard client devices. Many devices used with remote access software are not managed by the enterprise, resulting in no protection from existing firewalls and antivirus present on corporate-owned devices.[25] Additionally, client remote access devices often lack physical security controls. These devices are more commonly stored in bags or in homes that are not afforded the same physical protection provided to devices stored in an enterprise building. Finally, remote access communications can be carried out over untrusted networks, increasing the risk of losing private or personal data while communicating with a remote device.[26]

Example security network designed to protect remote access systems. [27]


A brief overview of the risks associated with remote access software include:

  • Monitoring of communications over a network
  • Deployment of rogue wireless access points
  • The exploitation of client devices through other practices designed to collect sensitive data (phishing, keylogging, etc.)
  • Unauthorized access to resources by a third-party
  • Loss of remote access devices to untrusted parties
DDOS Attacks

Distributed Denial of Service (DDoS) attacks pose aserious privacy concern for those utilizing remote access services. DDoS attacks take the form of flooding (more specifically ICMP or SYN floods) or crashing of web services that prevent legitimate users from accessing remote services. The largest DDoS attack recorded occurred in 2018, when the large-scale code-hosting service Github was targeted. [28]

As of January 2021, over 33,000 Windows remote desktop products have been identified as vulnerable to large-scale DDoS attacks across a variety of international borders. The effects of attacks on services like these include loss of company or private data as well as breaches in contracts between users[29].

Privacy

With the implementation of remote access software allowing employees to work from anywhere, employees are able to access intellectual property information from unsecured remote locations, outside perimeter-based security measures that have been implemented within office environments. As a result, these unsecured work environments can lead to inadvertent and nefarious unauthorized data leaks. As noted by data ethics experts, employees can use their remote access positions to leak or sell sensitive information to consumers. [30]

Steps taken to mitigate the unethical use of sensitive data by employees include using the REVISE framework in order to guide intervention policies. [31] The REVISE framework is composed of a 3-principle framework:

  • Reminding emphasizes the effectiveness of subtle cues that increase the salience of morality and decrease the ability to justify dishonesty
  • Visibility refers to social monitoring cues and aims to restrict anonymity, prompt peer monitoring, and elicit responsible norms.
  • Self-engagement increases the motivation to maintain a positive self-image and generates personal commitment to act morally.

Malicious Variants

A RAT is a swiss army knife of sorts, it consolidates a number of tools into one package. image via Cisco Blogs

Remote Access Trojans (RATs) are a form of malicious software that allows an outside source to gain unauthorized access to a user’s device in a similar manner to remote access software. Known for their longevity and ability to reemerge after time spent dormant, RATs are one of the most dangerous forms of cybercriminal activity. [32]

This malicious software type is bound by the same requirements as typical, legal remote software programs. However, RATs tend to be installed without user knowledge, avoiding firewalls and anti-virus scans in order to collect sensitive user data and control outside devices.

Notable examples of RATs include:

  • Snort
  • OSSEC
  • Zeek
  • Suricata
  • Sagan

Safeguards to Remote Access

Portable devices and Web-based technology enable remote access by providing off-site access to work-based applications and facilitating the transport of large amounts of data with the minimum amount of resources. Privacy and security rules do not prohibit remote access, but they do require that organizations implement appropriate safeguards to ensure the privacy and security of protected information.[33] Technological safeguards that are independent of policies and procedures are preferable. To be most effective, they should either be supported by the organization from the moment of installation or be a prerequisite to granting permission for remote access. They may include:

  • Establishing a virtual network with controlled access developed to the organization’s specifications. This approach is best because the work product never leaves the site. A small risk exists for unauthorized screen scraping (when a computer program extracts data from the display output of another program) and creative data downloads. There are added set-up and maintenance costs with this option.[34]
  • Maintenance of encryption, password management, virus protection, and patch updates on portable and home devices. These activities protect the application, the device, the network, and the data. However, such safeguards are cumbersome to operate and interfere with the user’s work, thus encouraging work-arounds. Cutting-edge technology with safeguards invisible to the user may reduce work-arounds, but have the potential to increase cost.

In the absence of technological safeguards, compliance may be achieved through administrative safeguards. They include policies, procedures, and workforce education, training, and awareness. Examples include:

  • Requiring specialized remote access user agreements delineating obligation to adhere to administrative, technical, and physical safeguards designed to protect the privacy and security of electronic information. [35]
  • Prohibiting taking work off-site. Work product that does not leave the premises is protected by whatever security features are installed on-site and in a well-functioning, controllable environment. However, emergencies must be handled by on-site staff or await reinforcements. [36]
  • Requiring anyone who takes work off-site on his or her own initiative to assume responsibility for its security and maintain virus protection, patch updates, dispose of confidential waste, and log out. If remote access is for user convenience, strict policies must be developed and enforced including requiring adequate security in the off-site environment.

References

  1. Jackins, T. (2021, March 09). What is remote access? Connect to your computer from anywhere. Retrieved March 12, 2021, from https://www.splashtop.com/what-is-remote-access
  2. Rosencrance, L. (2020, April 14). What is remote access? - definition from whatis.com. Retrieved March 12, 2021, from https://searchsecurity.techtarget.com/definition/remote-access#:~:text=Remote%20access%20is%20the%20ability,they%20are%20physically%20far%20away
  3. Editor. (2019, August 24). Remote access Service (RAS). Retrieved March 12, 2021, from https://networkencyclopedia.com/remote-access-service-ras/
  4. Covid-19 guidance: Businesses and employers. (n.d.). Retrieved March 12, 2021, from https://www.cdc.gov/coronavirus/2019-ncov/community/guidance-business-response.html
  5. Remote desktop software statistics and trends. (2020, July 1). https://www.trustradius.com/vendor-blog/remote-desktop-buyer-statistics-and-trends.
  6. How it works. (n.d.). Retrieved March 12, 2021, from http://plcremote.net/how-it-works/
  7. Ken. (2019, April 23). How to ensure better productivity? Vpn access vs. remote access. Retrieved March 12, 2021, from https://remoteaccess.itarian.com/blog/how-to-ensure-better-productivity-vpn-access-vs-remote
  8. Moore, J., & Wigmore, I. (2018, October 30). hosted services. SearchITChannel. https://searchitchannel.techtarget.com/definition/hosted-services
  9. Amazon Web Services (AWS) - Cloud Computing Services. (n.d.). Amazon Web Services, Inc. https://aws.amazon.com/
  10. Google Cloud. (n.d.). Cloud Computing Services |. https://cloud.google.com/
  11. Novet, J. (2021, February 2). Amazon’s cloud division reports 28% revenue growth; AWS head Andy Jassy to succeed Bezos as Amazon CEO. https://www.cnbc.com/2021/02/02/aws-earnings-q4-2020.html
  12. Gagliordi, N. (2021, February 2). Alphabet beats Q4 estimates, Google Cloud revenue climbs. https://www.zdnet.com/article/alphabet-beats-q4-estimates-google-cloud-revenue-climbs/
  13. Kienitz, P. (2020, May 19). Technology 101: What is Hosted Software? DCSL Software Ltd. https://www.dcslsoftware.com/technology-101-what-is-hosted-software/#:%7E:text=Hosted%20software%20means%20having%20your,As%2DYou%2DGo%20model
  14. WordPress.com. (n.d.). WordPress.com: Create a Free Website or Blog. https://wordpress.com/
  15. Salinger, Y. (2019, September 16). IaaS, PaaS, SaaS and hosted appliances: Making sense of the cloud and what it offers. ITProPortal. https://www.itproportal.com/features/iaas-paas-saas-and-hosted-appliances-making-sense-of-the-cloud-and-what-it-offers/
  16. Is it time to let employees work from anywhere? (2020, March 04). Retrieved March 12, 2021, from https://hbr.org/2019/08/is-it-time-to-let-employees-work-from-anywhere
  17. FinSMEs. (2020, April 21). The benefits of IT support in a remote environment. Retrieved March 12, 2021, from https://www.finsmes.com/2020/04/the-benefits-of-it-support-in-a-remote-environment.html
  18. Stengel, G. (2020, April 20). Working from home opens the door to employing people with disabilities. Retrieved March 12, 2021, from https://www.forbes.com/sites/geristengel/2020/04/20/working-from-home-opens-the-door-to-employing-people-with-disabilities/?sh=6502eb5414bf
  19. For those with disabilities, shift to remote work has opened doors (video). (2020, October 27). Retrieved March 12, 2021, from https://www.csmonitor.com/Business/2020/1027/For-those-with-disabilities-shift-to-remote-work-has-opened-doors-video
  20. Jackins, T. (2021, February 24). Remote access in education - CLASSROOM, EdTech, and support. Retrieved March 12, 2021, from https://www.splashtop.com/remote-access-education-uses
  21. School Computer Labs Made Inaccessible by COVID-19 Generate Increased Demand for Splashtop Remote-Access Software, uk.advfn.com/stock-market/stock-news/83272466/school-computer-labs-made-inaccessible-by-covid-19.
  22. Chen, C. (2020, March 25). Site to Site (Commercial) VPN vs Remote Access (Personal) VPN. https://www.privateinternetaccess.com/blog/site-to-site-commercial-vpn-vs-remote-access-personal-vpn/
  23. Hodge, Rae. (2020, April 23). VPN use surges during the coronavirus lockdown, but so do security risks. https://www.cnet.com/news/vpn-use-surges-during-the-coronavirus-lockdown-but-so-do-security-risks/
  24. Lin, L & Chin, J. (2017, August 2). China’s VPN Crackdown Weighs on Foreign Companies There. https://www.wsj.com/articles/chinas-vpn-crackdown-weighs-on-foreign-companies-there-1501680195
  25. Lisa Ashjian Mar 11. “Secure Remote Access Explained.” AT&T Cybersecurity, cybersecurity.att.com/blogs/security-essentials/secure-remote-access-explained.
  26. “Security Concerns with Remote Access.” Https://Csrc.nist.gov/CSRC/Media/Events/HIPAA-Security-Rule-Implementation-and-Assurance/Documents/NIST_Remote_Access.Pdf, NIST, csrc.nist.gov/CSRC/media/Events/HIPAA-Security-Rule-Implementation-and-Assurance/documents/NIST_Remote_Access.pdf.
  27. “Corporate Firewall.” Corporate Firewall - an Overview | ScienceDirect Topics, www.sciencedirect.com/topics/computer-science/corporate-firewall
  28. What are Denial of Service (DoS) attacks? DoS attacks explained. (n.d.). Norton. https://us.norton.com/internetsecurity-emerging-threats-dos-attacks-explained.html
  29. Arntz, P., & ABOUT THE AUTHOR Pieter Arntz Malware Intelligence Researcher . (2021, January 29). RDP abused for DDoS attacks. Malwarebytes Labs. https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/01/rdp-abused-for-ddos-attacks/.
  30. Khan, Roomy. “Work From Anywhere Trend Intensifying Ethics, And Compliance Issues.” Forbes, Forbes Magazine, 10 Nov. 2020, www.forbes.com/sites/roomykhan/2020/11/06/work-from-anywhere-trend-intensifying-ethics-and-compliance-issues/?sh=4d734e412f38.
  31. Ayal, Shahar, et al. “Three Principles to REVISE People’s Unethical Behavior.” SAGE Journals, journals.sagepub.com/doi/full/10.1177/1745691615598512.
  32. “Remote Access Trojan Detection: Software & RAT Protection Guide.” DNSstuff, 2 Feb. 2021, www.dnsstuff.com/remote-access-trojan-rat.
  33. Cross, MargartAnn. “PDAs Chase Workflow Improvements.” Health Data Management, May 2006: 61–62. Accessed: April 10, 2021.
  34. Health Insurance Portability and Accountability Act of 1996. Public Law 104-191. 164.306(a).Accessed: April 10, 2021.
  35. McDougall, Paul. “Scrambling Data Is Easier than Stopping Its Theft.” Information Week, September 19, 2006: 27.Accessed: April 10, 2021.
  36. Centers for Medicare and Medicaid Services. “HIPAA Security Guidance.” Available online at www.cms.hhs.gov/SecurityStandard. Accessed: April 10, 2021