Numerous IT departments across the U.S. are becoming more concerned about security issues related to remote access programs and remote management products. This new awareness comes on the heels of new information about the theft of the source code for Symantec's pcAnywhere. This headline news has highlighted the ongoing issue of poorly configured remote access programs. These programs account for a large slice of all data breaches.
Two recent studies have verified that there is a problem with remote-access software. Security firm Trustwave released a global security report that showed 62% of data breaches were via remote access software. The study looked at 300 breaches and analyzed the results of various tests it conducted on behalf of its clients. This finding matches up with the other new study, by Verizon. That company looked at breaches and found that 64% of data thieves used weaknesses in remote access software.
"The market problem is much bigger than pcAnywhere," says Joel Bomgar, CEO and founder of enterprise remote-management software maker Bomgar. "That entire category of technology is inherently risk prone. When you have listening ports, someone is going to find a way to brute-force it."
While the trend in computing has been to reduce the overall exposure of potentially vulnerable systems, remote-access software runs counter to those efforts, Bomgar says. Companies are routinely exposing systems inside their network to outside attackers, and frequently the only security is a poorly chosen password. Additional measures such as hardware authentication can be helpful.
Although most of the attention has gone to the hacking of pcAnywhere's remote access, there are other, more insecure areas of remote access that should have more focus. The top two are Virtual Network Computing (VNC) and the Remote Desktop Protocol (RDP). VNC is an open source method to remotely access and manage desktop computers. Many of these VNC and RDP ports are open and vulnerable to hackers.
The biggest portion of breached systems like these are point-of-sale servers in restaurants and other similar retail businesses. Most of these companies don't have the IT resources to lock down their systems in house. They rely on third-party vendors who require and use remote access. On top of this, many third-party vendors don't use strong security measures to prevent attacks.