A Remote Access Security Model based on Vulnerability Management

Full Text (PDF, 959KB), PP.38-51


Author(s)

Samuel Ndichu 1,*, Sylvester McOyowo 1, Henry Okoyo 1, Cyrus Wekesa 2

1. School of Computing and Informatics, Maseno University, Private Bag, Maseno, Kenya

2. School of Engineering, University of Eldoret, Eldoret, Kenya

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2020.05.03

Received: 5 Mar. 2020 / Revised: 11 Mar. 2020 / Accepted: 16 Mar. 2020 / Published: 8 Oct. 2020

Index Terms

VPN, DMZ, malware, DDoS attack, encrypted traffic, vulnerability management, machine learning

Abstract

Information security threats exploit vulnerabilities in communication networks. Remote access vulnerabilities are evident from the point at which communication is initialized, along the communication channel, through to the data or resources being accessed. These threats differ depending on the type of device used to obtain remote access. One kind of remote access device can be considered safe, since the organization itself probably issues it to provide remote access. The other kind is risky and unsafe, as such devices are beyond the organization's control and monitoring. The myriad of devices is, however, a necessary evil, be it employees on public networks such as cyber cafes, wireless networks, vendor support, or telecommuting. A Virtual Private Network (VPN) securely connects a remote user or device to an internal or private network over the internet and other public networks. However, this conventional remote access security approach has several vulnerabilities that take advantage of encryption. The significant threats are malware, botnets, and Distributed Denial of Service (DDoS). Because of the nature of a VPN, encryption prevents traditional security devices such as a firewall, Intrusion Detection System (IDS), and antivirus software from detecting compromised traffic. Attackers have exploited these vulnerabilities over time using evasive techniques to avoid detection, leading to costly security breaches and compromises. We highlight numerous shortcomings of several conventional approaches to remote access security. We then adopt network tiers to facilitate vulnerability management (VM) in remote access domains. We perform regular traffic simulation using the Network Security Simulator (NeSSi2) to set a bandwidth baseline and use this as a benchmark to investigate malware spreading capabilities and DDoS attacks by continuous flooding in remote access. Finally, we propose a novel approach to remote access security based on passive learning of packet capture file features using machine learning, with classification performed by a classifier model.

Cite This Paper

Samuel Ndichu, Sylvester McOyowo, Henry Okoyo, Cyrus Wekesa, "A Remote Access Security Model based on Vulnerability Management", International Journal of Information Technology and Computer Science (IJITCS), Vol. 12, No. 5, pp. 38-51, 2020. DOI: 10.5815/ijitcs.2020.05.03
