March 16, 2012
Recent articles in InfoWorld, “Microsoft urges firms to focus on severe RDP flaw,” and PCWorld, “Microsoft issues Urgent Patch for ‘Wormable’ RDP Vulnerability,”(1) illustrate the potential dangers of software-based remote access tools. The vulnerability, cited as “dangerous,” “very serious” and “critical,” applies to the Remote Desktop Protocol, which is widely used throughout the IT industry for remote access. Other software-based systems include VNC, pcAnywhere, and many others.
Software-based remote access is widespread. The InfoWorld article mentions that “There could be as many as 250 million systems with an open RDP port” and “An estimated 140,000 computers running pcAnywhere could be directly contacted from the Internet.” In my previous blog post, which focused on the dangers of poorly configured remote access systems, I cite another article that estimates 83 million open VNC ports.
Users of remote access software should closely follow the best security practices recommended by the applicable vendor and their security organization, and should apply security patches immediately as they become available. Users should not be complacent about the use of these tools, and should carefully and thoughtfully consider the benefits and risks, applying the proper safeguards to harden and monitor their environments.
Users should also consider the benefits of hardware-based remote access, such as KVM-over-IP switches, which provide “out-of-band” access that does not rely on “software” running on the remote server. Out-of-band access can be more secure, provide access even when the server’s OS or network is not working, and provide a wider range of use cases including BIOS-level access and remote booting. A higher level of manageability can be achieved through centralized permissions, authentication, and logging. And as the KVM switch does not rely on software running on the remote servers, there is never a need to patch hundreds or thousands of servers.
With 24x7 reliability required for today’s IT infrastructure, remote access is an absolute necessity. These recent articles illustrate the dangers of software-based approaches and the need to seriously examine your remote access users to implement a secure, productive, and manageable remote access solution.