Zones: Remote access: How is access to internal zones from distant locations (including wireless) facilitated?

Options:

Option 1: Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
Option 2: Use controlled configurations for distant environments and provide access through terminal servers.
Option 3: Use remote dial-in access with telephones and modems from controlled environments for distant access.
Option 4: Use remote dedicated connectivity from controlled environments for distant access.
Option 5: Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Option 6: Don't allow distant access to internal zones.

Basis:

Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
In most cases, a remote location with equivalent protection in every way should be allowed to connect through adequately secured infrastructure, assuming this doesn't exceed risk aggregation thresholds or violate regulatory, contractual, or other similar mandates.

Use controlled configurations for distant environments and provide access through terminal servers.

Use remote dial-in access with telephones and modems from controlled environments for distant access.

Use remote dedicated connectivity from controlled environments for distant access.

Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.

Don't allow distant access to internal zones.

A cautionary note

The structure of the decisions here should take into account that remote access may be from parties of different trust characteristics. For example, for high risk situations, providing equivalent protection in every way implies that the same trust levels for personnel at the remote location apply as at the local location. But as soon as this restriction is removed, there is a potentially far larger population with different trust characteristics to deal with.