Resolve the three intrusion methods and protection methods for remote access (1)

With the popularization of Information-based offices, the demand for remote access is also surging. More and more enterprises are no longer only satisfied with the use of information systems within the enterprise. Remote access has become increasingly popular in recent years due to staff travel and customer requests for access. Some remote access tools are also available. Tools such as email, FTP, and Remote Desktop provide outbound enterprise employees with access to internal network resources.

However, there is no doubt that remote access to the enterprise's internal network resources increases the enterprise's network vulnerability and creates many security risks. Because most applications that provide remote access do not have internal security policies and do not provide independent security authentication mechanisms.

Or, you need to rely on other security policies, such as IPSec Technology or access control list, to ensure its security. Therefore, remote access increases the risk of attacks on the enterprise's internal network. I try to analyze and summarize common remote intrusion methods here to improve the security of remote access.

1. Attacks against specific services

Enterprises often deploy some HTTP and FTP servers in their internal networks. At the same time, some technologies allow employees to access these servers from outside. Many remote access attacks are targeted at these services. Such applications that support services such as SMTP and POP have internal security risks. Opens a backdoor for intruders.

For example, WEB servers are common services of enterprises. Unfortunately, the HTTP service used by WEB servers is not highly secure. There are many cases of remote access intrusion by attacking WEB servers.

Intruders can easily control WEB servers and gain access to WEB content by exploiting WEB server and operating system defects and security vulnerabilities. In this way, the data can be operated at will after the intruder is successful. That is, data can be secretly stolen without your knowledge or maliciously changed.

Attacks against these specific services are difficult to prevent. However, there are no countermeasures at all. Some effective prevention measures can be taken to prevent Remote Access intrusion to a large extent. Take the following measures to achieve some good results.

1. Use some safer services. Take the WEB server for example. Currently, there are two main protocols that support WEB servers: HTTP and HTTPS. There are many HTTP protocol vulnerabilities, which are easily exploited by intruders and become a stepping stone for remote intrusion into the enterprise's internal network.

HTTPS is relatively more secure. This Protocol includes some security measures, such as data encryption technology. To a certain extent, the security of WEB servers can be improved. Therefore, when necessary, network security personnel can adopt some safer protocols. Of course, there is no free lunch in the world. The server has to pay a lot of system resource overhead.

2. Upgrade the application server. In fact, many remote service attacks are often caused by application server vulnerabilities. For example, a common WEB service attack is the consequence of the combination of HTTP protocol and operating system vulnerabilities.

If the operating system of the Application Server can be upgraded in a timely manner and vulnerabilities of the operating system can be supplemented in a timely manner, the security of these services can be improved to prevent unauthorized users from intruding them.

3. You can select Services with identity authentication functions. For example, TFTP and FTP are all protocols used for file transmission. Allows internal users of an enterprise to build a bridge between file sharing and external visitors. However, although these two services have similar functions, they are far from secure.

TFTP is an insecure protocol and does not provide the identity authentication service. That is to say, anyone who can connect to the TFTP server can access it. FTP provides some authentication functions. Although it also allows anonymous access, network security personnel can improve the security of file sharing as long as anonymous access is restricted.