Project 1: Remote Access Controls

CST 620 Prevention of Cyber Attack Methodologies Project 1 – Remote Access Controls Security Control Implementation Report Prepared By: First name Last name Version 1.0 Introduction In this manner, FICBANK offers its workforce, Network Partners, and customers a platform to access FICBANK’s system from any location through the use of SSH (Secure Shell) and RDP. The most critical factor which should not be utilized within the protocol is the Security, because that can disturb the process greatly. In this case, foolproof controls are considered the heart of the matter which is placed first to avoid any disadvantages that may follow. In this report, I would like to assess the current standard and suggest the safety improvement plan for the introduction of SSH and RDP in FICSBANK, the main purpose. We use SSH, encryption system associating clients to FICBANK’S Linux/UNIX machines; which support the following: remote administration, file transfers, and applications access. With RDP (Remote Desktop Protocol), off-site users can get entire desktop access, as well as native sound and graphics transmitted through the IP network that exists within the FICBANK. In addition to RDP and SSH, which can be secured by their means of operation, FICBANK can add MFA, network permissions, brute force protection and session monitoring among other hardening measures to achieve higher security protection levels. Placing particular emphasis on security implications of SSH and RDP technologies, the paper is intended to describe threats to which FICBANK is exposed, and provide technical and policy countermeasures, which will ensure proper risk management for these remote access channels and comply with the requirements of industry standards as well as FICBANK risk capacity. This section centers only on setting up RDP and SSH parameters while not attacking other means of accessing instances like VPNs and cloud hosting systems. With this in mind, we are going to equip the bank with tools which have been tailored to match its specific needs as well as set the necessary infrastructure to provide SSH and RDP traffic which the user can access securely. 1 Remote Desktop Protocol (RDP) Best Practices Safe-guarding of the RDP is essential in securing the assets and the network infrastructure (Microsoft, 2021). Long, complex and often altered passwords should be mandatorily used for all RDP user credentials (NIST, 2017). Common passwords and easily guessable passwords should be avoided under all circumstances (CIS, 2021). One more security layer is the form of the multi-factor authentication made to assure the log on to the systems via the RDP (Sans, 2019). Notably, it will require the second way of the authentication either by code or security key (Duo, 2022). When applicable, the RDP port 3389 should not be directly exposed to the internet (CISA, 2022). The RDP servers can be located behind the VPN or firewall with port forwarding set up which makes external access limited (Microsoft, 2021). Communication through RDP should be restricted to specific IP addresses or ranges where vital to connect; all other attempts should be blocked (CIS, 2021). Disable or remove any RDP which is not used for remote access at present to cut down extra access (Sans, 2019). The account lockout policies should be configured in such a way that the account be locked after a specific number of failed attempts of log in (NIST, 2017). This is to avoid the credential brute force attacks to the system (CISA, 2022). All remote desktop protocol connections attempts are being recorded and logging is done hence enabling monitoring of logs to detect if any suspicious activities are existing (CIS, 2021). Instead of permitting external RDP connections to internal hosts a RDP gateway acts as additional layer of secure access control management (Microsoft, 2021). On time implementation of the latest security updates to operation systems and RDP clients is very essential as vulnerabilities are normally disclosed. Implementing a network level authentication before allowing full RDP session prevents using stolen credentials. Identifying and removing RDP vulnerabilities as well as weak credentials from Ubuntu machines that are proactively scanned is the process for ensuring the network security. Following the above mentioned guidelines will ensure ease of security concerns around Remote Desktop Protocol. 2 SSH Best Practices SSH login by password statements with SSH keys authentication shall be disabled. This disallows the brute force credential attacks (NIST, 2017). Even administrative root users are not allowed to directly log in over SSH. The sudo forces a...