Zones: Remote access: How is access to internal zones from distant locations (including wireless) facilitated?
Options:
Option 1: Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
Option 2: Use controlled configurations for distant environments and provide access through terminal servers.
Option 3: Use remote dial-in access with telephones and modems from controlled environments for distant access.
Option 4: Use remote dedicated connectivity from controlled environments for distant access.
Option 5: Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Option 6: Don't allow distant access to internal zones.
Basis:
Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
In most cases, a remote location with equivalent protection in every way should be allowed to connect through adequately secured infrastructure, assuming this doesn't exceed risk aggregation thresholds or violate regulatory, contractual, or other similar mandates.
Use controlled configurations for distant environments and provide access through terminal servers.
Controlled configurations provide a modicum of protection for remote, particularly mobile, systems. By augmenting this with locally controlled terminal services, heavily managed internal mechanisms can provide assurance as well as extensive detection and auditing capabilities, and provide reasonable access and reasonable protection for many cases.
Use remote dial-in access with telephones and modems from controlled environments for distant access.
Remote dial-in access from controlled environments provides a low-speed and often independent method of communicating. To the extent that this is different or harder to simultaneously attack, it brings benefits in mitigation of common mode failure risks as well as elsewhere.
Use remote dedicated connectivity from controlled environments for distant access.
Remote dedicated connectivity, typically in the form of leased lines that have cryptographic coverage provided by the vendor, provides high speed, partially independent, and harder to interfere with connectivity between locations.
Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Temporary remote connections are typically
controlled by {user access / port / line / device / VPN with VM}
{disablement / disconnect / power down / shutdown} during non-use
periods and {enablement / connection / power up / startup} only during
use periods. Cryptographic protection is commonly used along with
normal access controls or microzone controls to prevent interception
and/or alteration of control and data en-route. Connections may be
direct to devices or through microzones or terminal servers that then
perform the operations from there using controlled
configurations. Remote diagnosis and maintenance may be surveilled and
recorded and actions may be restricted, for example to be read-only
for audit records or to lock out changes without additional
authorization. Similarly, supervised activities may take place in
microzones under direct supervision of the operator of the VM in use
for the microzone. Supervision in this context implies continuous
presence and attention by the microzone operator, and represents a form
of shared simultaneous use. As such, supervision requires proper user
behavior by the supervisor.
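As an added illustration (not part of the original text), the following Python example models the controls described above for temporary remote access: enablement only during the use period, read-only actions by default, changes locked out without additional authorization, and a record of every decision. The action names, the grant fields, and the sample user and target names are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical action names, constructed for this example.
READ_ONLY = {"read_audit_log", "run_diagnostic"}
CHANGES = {"write_config", "restart_service"}

@dataclass
class Grant:
    user: str
    target: str                      # terminal server or microzone name
    start: datetime
    duration: timedelta
    approver: Optional[str] = None   # additional authorization for changes
    revoked: bool = False            # explicit disablement before expiry

    def active(self, now: datetime) -> bool:
        return not self.revoked and self.start <= now < self.start + self.duration

@dataclass
class Gate:
    grants: list = field(default_factory=list)
    record: list = field(default_factory=list)   # every decision is recorded

    def decide(self, user: str, target: str, action: str, now: datetime) -> str:
        grant = next((g for g in self.grants
                      if g.user == user and g.target == target and g.active(now)), None)
        if grant is None:
            verdict = "deny: no active window"        # disabled during non-use
        elif action in READ_ONLY:
            verdict = "allow"
        elif action in CHANGES and grant.approver not in (None, user):
            verdict = "allow: approved by " + grant.approver
        else:
            verdict = "deny: change locked out"       # includes unknown actions
        self.record.append((now.isoformat(), user, target, action, verdict))
        return verdict

def demo() -> list:
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)   # constructed sample data
    gate = Gate([Grant("vendor1", "ts-maint", t0, timedelta(hours=2))])
    out = [gate.decide("vendor1", "ts-maint", "run_diagnostic", t0 + timedelta(minutes=5)),
           gate.decide("vendor1", "ts-maint", "write_config", t0 + timedelta(minutes=10))]
    gate.grants[0].approver = "ops-lead"
    out.append(gate.decide("vendor1", "ts-maint", "write_config", t0 + timedelta(minutes=15)))
    out.append(gate.decide("vendor1", "ts-maint", "run_diagnostic", t0 + timedelta(hours=3)))
    return out

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The gate denies by default: a request with no active grant, an unknown action, or a change approved only by the requesting user is refused, and the refusal is recorded alongside the allowed actions.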
Don't allow distant access to internal zones.
For some high risk situations, it is simply too risky to allow
external locations to connect into internal network areas.
A cautionary note: The structure of the decisions here should take into account that remote access may be from parties of different trust characteristics. For example, for high risk situations, providing equivalent protection in every way implies that the same trust levels for personnel at the remote location apply as at the local location. But as soon as this restriction is removed, there is a potentially far larger population with different trust characteristics to deal with.