Remediation of insecure remote access protocols

Remote access protocols allow a computer to talk to remote systems. They allow system administrators to remotely configure, maintain, and manage systems, and provide individuals access to essential applications and data. Since the start of the COVID-19 pandemic, these protocols have provided needed convenience to users and system administrators who depend on off-site connectivity to campus resources. 

However, when remote access protocols are not properly secured, they open the university, and the U-M community, to cyber threats by, among other things, allowing critical software vulnerabilities to be discovered and end-user credentials to be compromised. These attacks are difficult to detect and challenging to manage should an incident occur.

Insecure Remote Access Protocols (IRAP) have one or more of the following traits or contain unacceptable risk:

  • Do not require DUO
  • Expose local accounts, U-M, and third parties to attack 
  • Do not appropriately use centralized logging
  • Do not implement appropriate brute-force attack mitigation 
  • Are not quickly updated for security vulnerabilities, or are deprecated protocols with more secure alternatives
  • Are not intended or designed for use on the open internet
  • Do not properly encrypt data

These issues can be further compounded by the use of default passwords, password reuse, and the wide availability of publicly exposed third-party credentials.

ITS Information Assurance (IA) has begun work on remediation of specific protocols to enhance U-M’s overall security posture. The goal of IRAP remediation is to ensure individuals maintain appropriate remote access to systems, while protecting critical U-M systems and sensitive data from threat actors.

IA is working with IT leadership and the U-M security community to reduce IRAP risk. The first phase of this project will involve blocking certain outdated protocols such as Telnet and Quote of the Day. We anticipate this work will be completed by late October 2022 (depending on unit engagement and feedback). 

Users can continue to use blocked protocols by implementing simple process changes that significantly reduce the risks introduced by IRAP:

  • Use of VPN: Blocked protocols can be accessed using the U-M-provided VPN service. This requires users to manually start the VPN connection before accessing blocked services. Refer to Getting Started with the VPN for more information. 
  • Use of DirectAccess: Currently, most users of Windows systems managed via ITS MiWorkspace and ITS Platform as a Service can automatically use DirectAccess, which provides VPN-like network access to campus networks. Refer to DirectAccess as a Service for more information. 

Go to Insecure Remote Access Protocol Remediation Project for more information and to stay up-to-date on the project.

Author: Jennifer Wilkerson, School of Information

Jen is the project/change manager with the School of Information. You can reach her at jmruk@umich.edu.