Topic 10A Use Remote Access Technologies
What are the three key security considerations when allowing remote access to a host or network?
The three key security considerations are: 1. Remote access permissions should be granted selectively, following least privilege principles. 2. The connection must use encryption and server identity verification to protect against snooping and evil twin-type attacks. 3. The server software supporting the connection must be kept patched and free of known vulnerabilities, especially when the server port is accessible over the Internet.
What is the purpose of wake on LAN (WOL) in desktop management tools?
Wake on LAN (WOL) is a feature in desktop management tools that allows administrators to remotely power on or boot computers over the network, so that updates and other scheduled management tasks can run on hosts that are powered down.
What is Secure Shell (SSH)?
SSH is a remote access protocol that connects to a command interpreter (shell) rather than to a desktop window manager. SSH encrypts each session and is available for all major OS platforms.
Can a helper perform tasks that require User Account Control (UAC) consent using Remote Assistance or Quick Assist in the default configuration?
No. In the default configuration the helper cannot respond to UAC consent prompts, because the prompt is displayed on the Secure Desktop, which is not shared with the helper.
Do Windows Home editions include the Remote Desktop server?
No. Windows Home editions do not include the Remote Desktop server, but they do include the Remote Desktop client, so a Home edition host can connect to other computers.
What are two technologies that can help mitigate the risk of credential vulnerability when using Remote Desktop?
RDP Restricted Admin (RDPRA) mode and Remote Credential Guard. Both keep the user's credentials on the client rather than sending them to the remote host.
What are the default TCP ports used by RDP and VNC?
RDP uses TCP port 3389, while VNC uses TCP port 5900.
What is the Quick Assist feature in Windows 10?
Quick Assist is an alternative to MSRA introduced in Windows 10. It works over the encrypted HTTPS port TCP/443. The helper generates the passcode and must be signed in with a Microsoft account to offer assistance.
What is the port range used by MSRA?
MSRA assigns a port dynamically from the ephemeral range (49152 to 65535).
What are some common features of RMM tools and UEM/MDM suites?
Common features include automated deployment of upgrades, updates, security-scanner definitions, apps, and scripts; remote network boot; access control based on health policies; live chat; and remote desktop or remote shell connection to hosts.
What changes need to be made to allow a helper to perform tasks that require UAC consent using Remote Assistance or Quick Assist?
Either the Secure Desktop feature of UAC must be disabled, or UAC notifications must be turned off or set to a lower level. Both changes weaken the security configuration and should be reverted once the support session is over.
What is Microsoft Remote Assistance (MSRA)?
MSRA is a feature that allows a user to ask for help from a technician or co-worker via an invitation file protected by a passcode. The helper connects over RDP, joins the user's session, can chat, and can request control of the desktop.
What is the benefit of out-of-band (OOB) management?
OOB management uses hardware controllers such as Intel vPro or AMD PRO so that administrators can remotely power on a machine, access the system firmware setup, and deploy firmware updates and OS installs even when the OS is not running. This improves management capability and reduces the need for physical access. The management controller is itself a network-reachable interface, so it needs the same protection as any other remote access server: restricted network reach, strong credentials, and firmware updates.
What is the primary purpose of using Remote Desktop Protocol (RDP)?
RDP implements terminal server and client functionality, allowing a user to work at the desktop of a different computer over the network.
What is the purpose of the server's host key pair in SSH?
The server's host key pair is used to set up an encrypted channel so that the client can submit authentication credentials securely. Clients compare the host key fingerprint against a known, trusted value (recorded in the known_hosts file after the first connection) to verify they are connecting to the intended server, mitigating the risk of on-path attacks. A changed fingerprint on a previously known host should be treated as a possible attack rather than dismissed.
Why is monitoring for and removing compromised client public keys critical in SSH security?
Many recent attacks on web servers have exploited poor SSH key management. A leaked private key, or a public key left in authorized_keys after its owner has gone, gives an attacker password-free access to the host, so keys must be inventoried and stale or unknown ones removed promptly.
What is the limitation of RDP on Windows in terms of user access?
On Windows client editions, only one person can be signed in at a time. Starting an RDP session locks the local desktop, and if a local user then signs in, the remote user is disconnected.
How can you enable a Remote Desktop server on a Windows system?
Open the Remote Desktop page in the Settings app, turn on Remote Desktop, and configure the related settings, such as requiring Network Level Authentication and selecting which accounts are allowed to connect.
What are the two commonly implemented methods for client authentication in SSH?
Password authentication, and public key authentication. In public key authentication the user's public key is registered on the server (in the authorized_keys file); the client signs a challenge derived from the session with its private key, and the server verifies the signature with the stored public key, so the private key never leaves the client.
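As an added example (not from the original page) covering both the SSH key-management question above and public key authentication: the PowerShell below parses an OpenSSH authorized_keys file, computes each key's SHA256 fingerprint the same way ssh-keygen -l prints it, and flags keys that are not in an approved inventory, deprecated DSA keys, duplicate keys, and keys granted without any from=/restrict options. The sample lines and key blobs are constructed placeholders (valid base64, not real keys), the approved list is built from the first sample key rather than a real inventory, and the administrators_authorized_keys path assumes Windows OpenSSH Server.

```powershell
# Added example, not from the original page: audit OpenSSH authorized_keys entries.
# Key-type tokens recognised on an authorized_keys line; anything before one of these
# is treated as the options field.
$KeyTypes = @('ssh-ed25519', 'ssh-rsa', 'ssh-dss',
              'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
              'sk-ssh-ed25519@openssh.com', 'sk-ecdsa-sha2-nistp256@openssh.com')

function Split-AuthorizedKeyLine {
    # Returns Options/Type/Blob/Comment for one line, or $null for blanks and comments.
    param([string]$RawLine)
    $text = $RawLine.Trim()
    if ($text -eq '' -or $text.StartsWith('#')) { return $null }

    # Tokenise on spaces, but keep quoted option values such as from="10.0.0.0/8" intact.
    $tokens  = [System.Collections.Generic.List[string]]::new()
    $current = [System.Text.StringBuilder]::new()
    $inQuote = $false
    foreach ($ch in $text.ToCharArray()) {
        if ($ch -eq '"') { $inQuote = -not $inQuote }
        if ($ch -eq ' ' -and -not $inQuote) {
            if ($current.Length -gt 0) { $tokens.Add($current.ToString()); [void]$current.Clear() }
            continue
        }
        [void]$current.Append($ch)
    }
    if ($current.Length -gt 0) { $tokens.Add($current.ToString()) }

    $options = $null
    if ($KeyTypes -notcontains $tokens[0]) { $options = $tokens[0]; $tokens.RemoveAt(0) }
    if ($tokens.Count -lt 2) { return $null }   # malformed: no key type + blob
    $comment = if ($tokens.Count -gt 2) { $tokens.GetRange(2, $tokens.Count - 2) -join ' ' } else { '' }
    [pscustomobject]@{ Options = $options; Type = $tokens[0]; Blob = $tokens[1]; Comment = $comment }
}

function Get-KeyFingerprint {
    # SHA256 over the decoded key blob, base64 without padding: the format ssh-keygen -l prints.
    param([string]$Base64Blob)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $digest = $sha.ComputeHash([Convert]::FromBase64String($Base64Blob))
    'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
}

function Test-AuthorizedKeys {
    # Emits one finding object per key that fails a check.
    param([string[]]$Lines, [string[]]$ApprovedFingerprints)
    $seen   = @{}     # fingerprint -> first line number, to catch duplicates
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $entry = Split-AuthorizedKeyLine $raw
        if (-not $entry) { continue }
        $fp = Get-KeyFingerprint $entry.Blob
        $reasons = @()
        if ($ApprovedFingerprints -notcontains $fp) { $reasons += 'not in approved inventory' }
        if ($entry.Type -eq 'ssh-dss')                { $reasons += 'deprecated DSA key' }
        if (-not $entry.Options)                      { $reasons += 'no from=/restrict options' }
        if ($seen.ContainsKey($fp))                   { $reasons += "duplicate of line $($seen[$fp])" }
        else                                          { $seen[$fp] = $lineNo }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Line = $lineNo; Type = $entry.Type; Fingerprint = $fp
                               Comment = $entry.Comment; Reasons = ($reasons -join '; ') }
        }
    }
}

# Constructed sample file content (not real keys; the blobs are syntactically valid placeholders).
$sample = @(
    '# helpdesk jump host, restricted to the internal range',
    'from="10.0.0.0/8",restrict,pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA helpdesk@jump',
    'ssh-dss AAAAB3NzaC1kc3MAAAAA old-admin@legacy',
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB contractor@unknown',
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB contractor@unknown-copy'
)
# A real run would take the approved fingerprints from the organisation's key register;
# here only the helpdesk key is approved, so the other entries are reported.
$approved = @( Get-KeyFingerprint 'AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' )
Test-AuthorizedKeys -Lines $sample -ApprovedFingerprints $approved | Format-Table -AutoSize

# Against a real Windows OpenSSH Server (path assumed):
# Test-AuthorizedKeys -Lines (Get-Content "$env:ProgramData\ssh\administrators_authorized_keys") -ApprovedFingerprints $approved
```

On the sample, line 3 is reported for the DSA type and missing options, line 4 for missing options and an unknown fingerprint, and line 5 additionally as a duplicate of line 4. Fingerprints, not comments, are what you compare against the inventory: the comment field is free text and an attacker can make a rogue key look like "helpdesk@jump".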
What is the purpose of Network Level Authentication (NLA) in Remote Desktop settings?
NLA requires the user to authenticate before a session is created, so the RDP server does not commit resources to, or expose its logon screen to, unauthenticated clients. This protects against denial of service attacks and reduces the attack surface reachable without valid credentials.
How can you define which accounts are allowed to connect remotely to a Windows system using Remote Desktop?
Use the "Select users" link on the Remote Desktop settings page. You can select users from the local accounts database or from the domain that the machine is joined to; selected accounts are added to the local Remote Desktop Users group. Members of the local Administrators group can connect without being listed.
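The Settings-app steps above (enable the server, require NLA, choose the accounts allowed to connect) and the credential protections from the Restricted Admin / Remote Credential Guard question can be scripted. The PowerShell below is an added example, not from the original page: it must run from an elevated session on a Windows 10/11 Pro or Enterprise host, and the domain CONTOSO and the group CONTOSO\Helpdesk are placeholder names.

```powershell
# Added example, not from the original page. Run elevated.
# Assumption: host is joined to the (placeholder) domain CONTOSO, which has a group CONTOSO\Helpdesk.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# 1. Enable the Remote Desktop server (fDenyTSConnections 0 = connections allowed).
Set-ItemProperty -Path $tsKey -Name 'fDenyTSConnections' -Value 0 -Type DWord

# 2. Require Network Level Authentication so a client must authenticate before any
#    session resources are allocated or the logon screen is shown.
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord

# 3. Enable the built-in "Remote Desktop" firewall rule group, but only on the Domain profile,
#    so TCP/3389 is not reachable when the host is on a public or private network.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -Profile Domain

# 4. Grant remote logon to a group rather than to individual accounts. Members of
#    Remote Desktop Users can connect but gain no administrative rights (least privilege).
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'CONTOSO\Helpdesk' -ErrorAction SilentlyContinue

# 5. Allow Restricted Admin and Remote Credential Guard connections (0 = allowed).
#    Clients then connect with "mstsc /restrictedAdmin" or "mstsc /remoteGuard", and the
#    user's credentials are never sent to this host.
Set-ItemProperty -Path $lsaKey -Name 'DisableRestrictedAdmin' -Value 0 -Type DWord

# 6. Read the configuration back and show it.
$rdpProps = Get-ItemProperty -Path $rdpTcp
$state = [ordered]@{
    RdpEnabled             = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0
    NlaRequired            = $rdpProps.UserAuthentication -eq 1
    ListeningPort          = $rdpProps.PortNumber      # 3389 unless changed
    FirewallRuleEnabled    = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Where-Object Enabled -eq 'True').Count -gt 0
    RestrictedAdminAllowed = (Get-ItemProperty -Path $lsaKey).DisableRestrictedAdmin -eq 0
    AllowedGroupMembers    = (Get-LocalGroupMember -Group 'Remote Desktop Users' | Select-Object -ExpandProperty Name) -join ', '
}
[pscustomobject]$state | Format-List
```

Setting DisableRestrictedAdmin to 0 is needed for both RDPRA and Remote Credential Guard, but Restricted Admin mode also lets a client authenticate to RDP with only an NTLM hash, so on domain-joined hosts prefer Remote Credential Guard (/remoteGuard) and keep Remote Desktop Users membership minimal. Changing the port does not replace NLA or the firewall scope; it only hides the default port from casual scans.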
What is the primary function of a locally installed agent in RMM or UEM/MDM suites?
The agent reports status, log, and inventory information to a management server and provides integration with support ticket/help desk systems. Agents are available for both desktop and mobile hosts.
How does Windows implement remote desktop functionality?
Windows uses the Remote Desktop Protocol (RDP) to implement terminal server and client functionality.
Network Visibility
Network visibility is the ability of the network manager to see what is going on throughout the network.
How does connecting to a compromised server with Remote Desktop affect the user's credentials?
The credentials of the user account used to make the connection become highly vulnerable, because a standard RDP logon sends them to the remote host, where a compromised server can capture them. For this reason a high-privilege account should not be used for routine remote desktop connections, and Restricted Admin mode or Remote Credential Guard should be used where available.
Why should users be cautious about allowing access to screen-sharing software?
Threat actors may use social engineering to persuade users to allow access, potentially compromising their systems or data. In a corporate environment, there should be a specific out-of-band verification method for users to confirm they are being contacted by an authorized technician.
What are some examples of file transfer software developed by OS vendors?
AirDrop (Apple iOS and macOS), Nearby Sharing (introduced in Windows 10), and Nearby Share (Bluetooth-enabled sharing for Android devices).
How can video-conferencing software be used for remote support?
Video-conferencing software such as Microsoft Teams or Zoom often includes a screen-share feature, allowing participants to view and sometimes control the shared screen. While these apps cannot perform administrator-level configuration, they are useful for demonstrating tasks or reproducing support issues by observing the user.
What are the two general classes of tools that provide enterprise monitoring and remote access?
Remote Monitoring and Management (RMM) tools, which are designed for use by Managed Service Providers (MSPs), and desktop management suites, that is, Unified Endpoint Management (UEM) or Mobile Device Management (MDM) suites, which are designed for deployment by a single organization.
Which TCP port does SSH use by default?
TCP port 22.
What are some third-party alternatives to screen-sharing and remote-control functionality implemented by MSRA/Quick Assist?
TeamViewer and LogMeIn. These products work over outbound HTTPS (TCP/443) to the vendor's service and so do not require special inbound firewall rules. Because that gives a third-party service a path to the desktop, their use should be approved and monitored like any other remote access method.
What feature in macOS provides remote desktop functionality?
The Screen Sharing feature in macOS provides remote desktop functionality, which is based on the VNC protocol.
What is the default TCP port for the Remote Desktop server?
The default TCP port for the Remote Desktop server is 3389.
Is the macOS Screen Sharing encrypted, and are all VNC implementations encrypted?
The macOS Screen Sharing is encrypted, but not all VNC implementations are encrypted. When using VNC, it is essential to ensure that the connection is secure, using an encrypted version of VNC if necessary.
What is an alternative protocol to RDP for remote desktop functionality?
Virtual Network Computing (VNC) is an alternative protocol for remote desktop functionality.
What open-source implementation of RDP can be used to run an RDP server on a Linux host?
xrdp is an open-source RDP server that can be installed on a Linux host.
How can a virtual private network (VPN) be used as an additional layer of security for remote desktop connections?
The user first establishes a VPN tunnel to the private network and then uses remote desktop to connect to a host on it. This avoids exposing the remote desktop port (TCP/3389) on the network's firewall and adds a second layer of authentication and encryption in front of the RDP server.