A Remote Access Security Model based on Vulnerability Management

Abstract

Information security threats exploit vulnerabilities in communication networks. Remote access vulnerabilities are evident from the point of communication initialization following the communication channel to data or resources being accessed. These threats differ depending on the type of device used to procure remote access. One kind of these remote access devices can be considered as safe as the organization probably issues it to provide for remote access. The other type is risky and unsafe, as they are beyond the organization’s control and monitoring. The myriad of devices is, however, a necessary evil, be it employees on public networks like cyber cafes, wireless networks, vendors support, or telecommuting. Virtual Private Network (VPN) securely connects a remote user or device to an internal or private network using the internet and other public networks. However, this conventional remote access security approach has several vulnerabilities, which can take advantage of encryption. The significant threats are malware, botnets, and Distributed Denial of Service (DDoS). Because of the nature of a VPN, encryption will prevent traditional security devices such as a firewall, Intrusion Detection System (IDS), and antivirus software from detecting compromised traffic. These vulnerabilities have been exploited over time by attackers using evasive techniques to avoid detection leading to costly security breaches and compromises. We highlight numerous shortcomings for several conventional approaches to remote access security. We then adopt network tiers to facilitate vulnerability management (VM) in remote access domains. We perform regular traffic simulation using Network Security Simulator (NeSSi2) to set bandwidth baseline and use this as a benchmark to investigate malware spreading capabilities and DDoS attacks by continuous flooding in remote access. Finally, we propose a novel approach to remote access security by passive learning of packet capture file features using machine learning and classification using a classifier model.

Information security threats exploit vulnerabilities in communication networks. Remote access vulnerabilities are evident from the point of communication initialization following the communication channel to data or resources being accessed. These threats differ depending on the type of device used to procure remote access. One kind of these remote access devices can be considered as safe as the organization probably issues it to provide for remote access. The other type is risky and unsafe, as they are beyond the organization’s control and monitoring. The myriad of devices is, however, a necessary evil, be it employees on public networks like cyber cafes, wireless networks, vendors support, or telecommuting. Virtual Private Network (VPN) securely connects a remote user or device to an internal or private network using the internet and other public networks. However, this conventional remote access security approach has several vulnerabilities, which can take advantage of encryption. The significant threats are malware, botnets, and Distributed Denial of Service (DDoS). Because of the nature of a VPN, encryption will prevent traditional security devices such as a firewall, Intrusion Detection System (IDS), and antivirus software from detecting compromised traffic. These vulnerabilities have been exploited over time by attackers using evasive techniques to avoid detection leading to costly security breaches and compromises. We highlight numerous shortcomings for several conventional approaches to remote access security. We then adopt network tiers to facilitate vulnerability management (VM) in remote access domains. We perform regular traffic simulation using Network Security Simulator (NeSSi2) to set bandwidth baseline and use this as a benchmark to investigate malware spreading capabilities and DDoS attacks by continuous flooding in remote access. Finally, we propose a novel approach to remote access security by passive learning of packet capture file features using machine learning and classification using a classifier model.