Page 886 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

reduced.

                    Telecommuters might use insecure or less-secure remote systems
                    to access sensitive data and thus expose it to greater risk of loss,
                    compromise, or disclosure.

                    Remote systems might be exposed to malicious code and could be
                    used as a carrier to bring malware into the private LAN.

                    Remote systems might be less physically secure and thus be at risk
                    of being used by unauthorized entities or stolen.

                    Remote systems might be more difficult to troubleshoot, especially
                    if the issues revolve around remote connection.

                    Remote systems might not be as easy to upgrade or patch due to
                    their potentially infrequent connections or slow throughput links.
                    However, this issue is lessened when high-speed reliable
                    broadband links are present.


               Plan Remote Access Security


               When outlining your remote access security management strategy, be
               sure to address the following issues:

               Remote Connectivity Technology: Each type of connection has its
               own unique security issues. Fully examine every aspect of your
               connection options. This can include cellular/mobile services,
               modems, Digital Subscriber Line (DSL), Integrated Services Digital
               Network (ISDN), wireless networking, satellite, and cable modems.

               Transmission Protection: There are several forms of encrypted
               protocols, encrypted connection systems, and encrypted network
               services or applications. Use the appropriate combination of secured
               services for your remote connectivity needs. This can include VPNs,
               SSL, TLS, Secure Shell (SSH), IPsec, and Layer 2 Tunneling Protocol
               (L2TP).

               Authentication Protection: In addition to protecting data traffic,
               you must ensure that all logon credentials are properly secured. This
               requires the use of an authentication protocol and may mandate the
               use of a centralized remote access authentication system. This can