Page 935 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Summary


Remote access security management requires security system designers to address the hardware and software components of the implementation along with policy issues, work task issues, and encryption issues. This includes deployment of secure communication protocols. Secure authentication for both local and remote connections is an important foundational element of overall security.

Maintaining control over communication pathways is essential to supporting confidentiality, integrity, and availability for network, voice, and other forms of communication. Numerous attacks are focused on intercepting, blocking, or otherwise interfering with the transfer of data from one location to another. Fortunately, there are also reasonable countermeasures to reduce or even eliminate many of these threats.

Tunneling, or encapsulation, is a means by which messages in one protocol can be transported over another network or communications system using a second protocol. Tunneling can be combined with encryption to provide security for the transmitted message. VPNs are based on encrypted tunneling.
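
The encapsulation described above, as an added example that is not from the study guide: a constructed inner IPv4 packet is wrapped in a GRE header and an outer IPv4 header, then read back the way any on-path device could, which shows why a tunnel by itself gives no confidentiality until encryption is added. GRE as the tunnel protocol, the addresses, the experimental protocol number 253 and the payload are assumptions chosen for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE (RFC 2784)
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload
EXPERIMENTAL = 253        # IP protocol reserved for testing (RFC 3692)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload), honouring IHL and total length."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total_len])

def gre_encapsulate(inner: bytes, tun_src: str, tun_dst: str) -> bytes:
    """Wrap an IPv4 packet in a basic GRE header, then an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    return ipv4(tun_src, tun_dst, GRE_PROTO, gre + inner)

def observe(outer: bytes) -> dict:
    """What an on-path device can read from an unencrypted GRE tunnel."""
    o_src, o_dst, proto, body = parse_ipv4(outer)
    if proto != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", body[:4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    i_src, i_dst, _, data = parse_ipv4(body[4:])
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "data": data}

# Constructed sample: a private-network packet carried between two gateways.
INNER = ipv4("10.1.1.5", "10.2.2.9", EXPERIMENTAL, b"payroll-record")
OUTER = gre_encapsulate(INNER, "198.51.100.1", "203.0.113.1")
```

Calling `observe(OUTER)` recovers the private inner addresses and the payload bytes in clear, which is the exposure an encrypted tunnel removes by encrypting the inner packet before the outer header is added.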

A VLAN is a hardware-imposed network segmentation created by switches. VLANs are used to logically segment a network without altering its physical topology. VLANs are used for traffic management.

Telecommuting, or remote connectivity, has become a common feature of business computing. When remote access capabilities are deployed in any environment, security must be considered and implemented to provide protection for your private network against remote access complications. Remote access users should be stringently authenticated before being granted access; this can include the use of RADIUS or TACACS+. Remote access services include Voice over IP (VoIP), application streaming, VDI, multimedia collaboration, and instant messaging.


NAT is used to hide the internal structure of a private network as well as to enable multiple internal clients to gain internet access through a