Fri Apr 8 06:51:39 PDT 2016
Zones: Remote access: How is access to internal zones from distant locations (including wireless) facilitated?
Options:
Option 1: Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
Option 2: Use controlled configurations for distant environments and provide access through terminal servers.
Option 3: Use remote dial-in access with telephones and modems from controlled environments for distant access.
Option 4: Use remote dedicated connectivity from controlled environments for distant access.
Option 5: Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Option 6: Don't allow distant access to internal zones.
Decision:
The following approach to remote access to internal zones
is suggested:
Risk | Zone | Approach
High | Restricted | Don't allow distant access to internal zones.
High | Control | Don't allow distant access to internal zones.
High | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use remote dedicated connectivity from controlled environments for distant access. AND Use temporary encrypted remote access connections to terminal servers or microzones with controlled configurations, surveillance, recording, and limited actions for remote diagnosis, maintenance, and supervised activities for limited time frames.
High | Audit | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use controlled configurations for distant environments and provide access through terminal servers. AND Use remote dedicated connectivity from controlled environments for distant access.
Medium | Restricted | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND [Use remote dedicated connectivity from controlled environments for distant access. OR Use controlled configurations for distant environments and provide access through terminal servers.]] OR Use temporary encrypted remote access connections to microzones with controlled configurations, surveillance, and recording for remote supervised activities for limited time frames.
Medium | Control | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND [Use remote dedicated connectivity from controlled environments for distant access. OR Use controlled configurations for distant environments and provide access through terminal servers.]] OR Use temporary encrypted remote access connections to terminal servers with controlled configurations, recording, and limited actions for supervised activities for limited time frames.
Medium | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. OR Use controlled configurations for distant environments and provide access through terminal servers. OR Use remote dial-in access with telephones and modems from controlled environments for distant access. OR Use remote dedicated connectivity from controlled environments for distant access. OR Use temporary encrypted remote access connections to terminal servers with controlled configurations, surveillance, and recording for remote diagnosis and maintenance for limited time frames. OR Use temporary encrypted remote access connections to microzones with controlled configurations and surveillance for supervised activities for limited time frames.
Medium | Audit | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use controlled configurations for distant environments and provide access through terminal servers.]
Low | Restricted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. OR Use controlled configurations for distant environments and provide access through terminal servers. OR Use remote dial-in access with telephones and modems from controlled environments for distant access. OR Use remote dedicated connectivity from controlled environments for distant access. OR Use temporary encrypted remote access connections to terminal servers with surveillance and recording for remote diagnosis, maintenance, and/or supervised activities for limited time frames.
Low | Control | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. OR Use controlled configurations for distant environments and provide access through terminal servers. OR Use remote dial-in access with telephones and modems from controlled environments for distant access. OR Use remote dedicated connectivity from controlled environments for distant access. OR Use temporary encrypted remote access connections to terminal servers with surveillance and recording for remote diagnosis, maintenance, and/or supervised activities for limited time frames.
Low | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. OR Use controlled configurations for distant environments and provide access through terminal servers. OR Use remote dial-in access with telephones and modems from controlled environments for distant access. OR Use remote dedicated connectivity from controlled environments for distant access. OR Use temporary encrypted remote access connections to terminal servers and/or microzones with recording for remote diagnosis, maintenance, and/or supervised activities.
Low | Audit | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. OR Use controlled configurations for distant environments and provide access through terminal servers. OR Use remote dial-in access with telephones and modems from controlled environments for distant access. OR Use remote dedicated connectivity from controlled environments for distant access. OR Use temporary encrypted remote access connections to terminal servers and/or microzones with recording for supervised activities.
Remote access to internal zones
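The table above is a set of nested AND/OR rules over the six options, with Option 5's bracketed parameters filled in differently per cell. The following is an added example (not part of the original page) that encodes a representative subset of those cells and checks a proposed remote-access design against them; the option names, feature labels and the sample design are assumptions.

```python
# Added example, not from the original page: the Risk/Zone table encoded as
# nested AND/OR rules over the six options, used to check a proposed
# remote-access design. Option names and feature labels are assumed.
EQUIV, TERM, DIAL, DEDIC, NONE = "equiv", "terminal", "dialin", "dedicated", "none"

def temp(targets, controls, purposes):
    """Option 5 with its bracketed parameters filled in; time_limited models
    'enabled only during use periods' from the Basis section."""
    def check(design):
        t = design.get("temporary")
        return bool(t) and t["target"] in targets \
            and controls <= set(t["controls"]) \
            and t["purpose"] in purposes and t.get("time_limited", False)
    return check

def satisfied(rule, design):
    """String: required option. Callable: parameterised check.
    ("and", ...) / ("or", ...): nesting, like the brackets in the table."""
    if callable(rule):
        return rule(design)
    if isinstance(rule, str):
        return rule in design["options"]
    op, *subs = rule
    return (all if op == "and" else any)(satisfied(s, design) for s in subs)

FULL = {"controlled_config", "surveillance", "recording", "limited_actions"}
PURPOSES = {"diagnosis", "maintenance", "supervised"}
POLICY = {  # representative rows of the table; the rest have the same shape
    ("high", "restricted"): NONE,
    ("high", "trusted"): ("and", EQUIV, DEDIC,
                          temp({"terminal_server", "microzone"}, FULL, PURPOSES)),
    ("medium", "restricted"): ("or", ("and", EQUIV, ("or", DEDIC, TERM)),
                               temp({"microzone"}, FULL - {"limited_actions"},
                                    {"supervised"})),
    ("medium", "audit"): ("and", EQUIV, TERM),
    ("low", "trusted"): ("or", EQUIV, TERM, DIAL, DEDIC,
                         temp({"terminal_server", "microzone"}, {"recording"},
                              PURPOSES)),
}

def allowed(risk, zone, design):
    """True if the design satisfies the rule in this risk/zone cell."""
    rule = POLICY[(risk, zone)]
    return rule != NONE and satisfied(rule, design)

# Constructed sample: vendor maintenance over a leased line into a terminal
# server with the full control set, enabled only for a fixed window.
VENDOR_SESSION = {"options": {EQUIV, DEDIC},
                  "temporary": {"target": "terminal_server", "controls": sorted(FULL),
                                "purpose": "maintenance", "time_limited": True}}
```

The same sample design passes the High/Trusted and Medium/Restricted cells but fails Medium/Audit (no terminal-server path) and High/Restricted (no remote access at all), which is the behaviour the table prescribes.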
Basis:
Provide equivalent protection in every way for distant systems and
environments and use authenticated encrypted tunnels to connect
them. In most cases, a remote location with equivalent
protection in every way should be allowed to connect through
adequately secured infrastructure, assuming this doesn't exceed risk
aggregation thresholds or violate regulatory, contractual, or other
similar mandates.
Use controlled configurations for distant
environments and provide access through terminal servers.
Controlled configurations provide a modicum of protection for remote,
particularly mobile, systems. By augmenting this with locally
controlled terminal services, heavily managed internal mechanisms can
provide assurance as well as extensive detection and auditing
capabilities, and provide reasonable access and reasonable protection
for many cases.
Use remote dial-in access with telephones and
modems from controlled environments for distant access.
Remote dial-in access from controlled environments provides a
low-speed and often independent method of communicating. To the
extent that this path is different from the primary one, or harder to
attack at the same time, it mitigates common mode failure risks and
brings other benefits as well.
Use remote dedicated connectivity from controlled
environments for distant access. Remote dedicated
connectivity, typically in the form of leased lines that have
cryptographic coverage provided by the vendor, provides high speed,
partially independent, and harder to interfere with connectivity
between locations.
Use temporary {encrypted} remote access
connections to {terminal servers, microzones} {with controlled
configurations, surveillance, recording, limited actions} for remote
{diagnosis, maintenance, supervised activities} for limited time
frames. Temporary remote connections are typically
controlled by {user access / port / line / device / VPN with VM}
{disablement / disconnect / power down / shutdown} during non-use
periods and {enablement / connection / power up / startup} only during
use periods. Cryptographic protection is commonly used along with
normal access controls or microzone controls to prevent interception
and/or alteration of control and data en route. Connections may be
direct to devices or through microzones or terminal servers that then
perform the operations from there using controlled
configurations. Remote diagnosis and maintenance may be surveilled and
recorded, and actions may be restricted, for example to read-only
for audit records, or to lock out changes without additional
authorization. Similarly, supervised activities may take place in
microzones under direct supervision of the operator of the VM in use
for the microzone. Supervision in this context implies continuous
presence and attention by the microzone operator, and represents a form
of shared simultaneous use. As such, supervision requires proper user
behavior by the supervisor.
Don't allow distant access to internal zones.
For some high risk situations, it is simply too risky to allow
external locations to connect into internal network areas.
A cautionary note: The structure of the
decisions here should take into account that remote access may be from
parties of different trust characteristics. For example, for high risk
situations, providing equivalent protection in every way implies that
the same trust levels for personnel at the remote location apply as at
the local location. But as soon as this restriction is removed, there
is a potentially far larger population with different trust
characteristics to deal with.
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved