[unisog] Safe remote access

Peter Van Epp vanepp at sfu.ca
Tue Jul 26 23:17:46 GMT 2005

On Fri, Jul 15, 2005 at 06:11:35PM -0700, Andrew Daviel wrote:
> Following an incident where we believe a user had a password captured at
> an Internet cafe in Bulgaria, I've been bouncing the question off a
> couple of lists as "Are Internet cafes safe?"
> To which the general consensus was "No!"

	And the consensus is correct, it isn't safe nor can it be made 
safe easily. One time passwords will help somewhat, but assuming an Internet 
cafe supplied machine (i.e. of unknown reliability) not even encryption will 
help. Unless you encrypt in your head or other secure device you control and 
type the cyphertext in to the terminal, which seems unlikely, or have a keyboard
that encrypts and replace the one on the Internet cafe machine, which is also
unlikely :-) your data can be sniffed. A key stroke logger in the path ahead 
of the encryption will pick off the plain text no matter. If the data is 
sensitive, then the only answer is don't use an Internet cafe. If only the 
authorization is important then one of the software (skey, opie) or hardware 
(token) one time password solutions should work. The session can be hijacked 
and used while its active but it doesn't give the attacker later access to the 
machine. As you point out all machines outbound from the initial one need to 
be protected the same way which suggests a bastion host on your site  which 
accepts only otp connections and can only connect to other machines on your site
that accept otp and/or don't contain sensitive data. The attacker can't use the 
bastion host to attack others from a hijacked connection because the machine 
can only contact other protected (we hope :-)) machines on your site. This 
lets you or at least your site be in control of what data is accessable which 
is about the best risk management thats possible and much of the time will be 
perfectly acceptable to the end user. For you, login credentials aren't 
compromised because of the otp (your user may or may not be concerned about 
that until you disable their compromised account when they are far away of 
course :-)).
	If the user can get a network or wireless connection from a machine 
they control and trust (not an easy thing in itself) then you can be reasonably 
safe as well as long as it uses strong encryption outbound but that isn't 
typical of the Internet cafe type operation where they provide the machine.
This is also the main danger of VPNs unless you are very careful all your VPN
does is ensure the attack doesn't get modified on its trip across the Internet
which probably isn't what you intended (but I've got a VPN, so my connection 
is secure :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list