Example: biology

Presentation - Security Concerns with Remote Access

Security Concerns with Remote Access Karen Scarfone, NIST. Overview Definition/Scope Trends Vulnerabilities Threats SecurityControls and Recent NIST. Publications 2. Remote Access Defined as the ability of an organization's users to Access its nonpublic computing resources from locations other than the organization's facilities (NIST SP 800- 114). Access to public resources out of scope Access between an organization's facilities out of scope 3. Remote Access Trends Increasingly popular because of widespread availability of Internet Access and mobile computing devices More applications and other resources available through Remote Access Wide variety of client devices, including many outside the organization's control Client devices in many types of environments 4.

Remote Access Security General remote access security SP 800-46, Security for Telecommuting and Broadband Communications Use virtual private networks SP 800-77, Guide to IPsec VPNs SP 800-113 (Draft), Guide to SSL VPNs Secure remote access client devices SP 800-114, User’s Guide to Securing External Devices for Telework and Remote Access

Fullscreen Download

Tags:

  Security, Access, Remote, Telework, Remote access, Remote access security, Telework and remote access

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of Presentation - Security Concerns with Remote Access

1 Security Concerns with Remote Access Karen Scarfone, NIST. Overview Definition/Scope Trends Vulnerabilities Threats SecurityControls and Recent NIST. Publications 2. Remote Access Defined as the ability of an organization's users to Access its nonpublic computing resources from locations other than the organization's facilities (NIST SP 800- 114). Access to public resources out of scope Access between an organization's facilities out of scope 3. Remote Access Trends Increasingly popular because of widespread availability of Internet Access and mobile computing devices More applications and other resources available through Remote Access Wide variety of client devices, including many outside the organization's control Client devices in many types of environments 4.

2 Remote Access Vulnerabilities Remote Access client devices generally have weaker protection than standard client devices Many devices not managed by the enterprise No enterprise firewalls, antivirus, etc. Lack of physical Security controls Remote Access client devices may be used in hostile environments but not configured for them Remote Access communications are carried over untrusted networks 5. Remote Access Threats Communications monitoring and manipulation Deployment of rogue wireless Access points Exploitation of Remote Access client devices and users Phishing, keyloggers, etc. to collect credentials and other sensitive data Unauthorized Access to resources Loss or theft of Remote Access client devices 6. Remote Access Security General Remote Access Security SP 800-46, Security for Telecommuting and Broadband Communications Use virtual private networks SP 800-77, Guide to IPsec VPNs SP 800-113 (Draft), Guide to SSL VPNs Secure Remote Access client devices SP 800-114, User's Guide to Securing External Devices for telework and Remote Access SP 800-111, Guide to Storage Encryption Technologies for End User Devices National Checklist Program, Security Content Automation Protocol (SCAP).

3 7. Remote Access Security (cont.). Understand wireless networking Security Concerns SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE SP 800-48 (Draft), Wireless Network Security for IEEE and Bluetooth Test the Security of Remote Access methods SP 800-115 (Draft), Technical Guide to Information Security Testing 8. Links Computer Security Resource Center Special Publications Draft Publications Questions? 9.

Show more

Documents from same domain

An information exchange For Information Security and ...

An information exchange For Information Security and ...

csrc.nist.gov

Identity, Credential, and Access Management ICAM ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.

  Identity, Access, Credentials, And access

Port Authority Series PA111-SA CDI 01-03-0912B

Port Authority Series PA111-SA CDI 01-03-0912B

csrc.nist.gov

The Port Authority is designed primarily to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The problem of the firewall/router not being able to contact

  Ports, Authority, Port authority

20 Most Important Controls For Continuous Cyber Security ...

20 Most Important Controls For Continuous Cyber Security ...

csrc.nist.gov

Topics • Background • Philosophy and Approach for the “20 Most Important Security Controls” • Control Examples and List of Controls

  Important, Most, Most important

Windows 7 BitLocker FIPS Security Policy - NIST

Windows 7 BitLocker FIPS Security Policy - NIST

csrc.nist.gov

Windows 7 BitLocker™ Drive Encryption is a data protection feature available in Windows® 7 Enterprise and Ultimate for client computers and in Windows Server 2008 R2. BitLocker is Microsoft’s response to one of our

  Windows, Inst, Windows 7, 174 7

J) of SP 800 - NIST Computer Security Resource Center

J) of SP 800 - NIST Computer Security Resource Center

csrc.nist.gov

between SP 800-53, Revision 4 and the Initial Public Draft of SP 800- 53, Revision 5. The changes to the control baselines are reflected in a separate document.

  Inst, Sp 800, Of sp 800

Publication Number: NIST Special Publication (SP) 800-53 ...

Publication Number: NIST Special Publication (SP) 800-53 ...

csrc.nist.gov

The Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information system security, and its collaborative activities …

  Special, Inst, Publication, Nist special publication, Special publication 800

ITL Bulletin Guidelines for Securing Wireless Local …

ITL Bulletin Guidelines for Securing Wireless Local

csrc.nist.gov

Wireless networks, like other communications networks, ... NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs), was

  Guidelines, Network, Communication, Wireless, Inst, Bulletin, Local, Communications networks, Wireless networks, Bulletin guidelines for securing wireless local, Securing, Guidelines for securing wireless local

A Random Zoo: Sloth, Unicorn and trx - NIST

A Random Zoo: Sloth, Unicorn and trx - NIST

csrc.nist.gov

sloth, described in Section 3 (and pronounced “slow­ th”), a new approach to public randomness selection, unicorn, is proposed in Section 4: unicorn results in a

  Inst, Random, Sloth, A random zoo

HikSSL Cryptographic Module version 1.0.0 FIPS 140-2 Non ...

HikSSL Cryptographic Module version 1.0.0 FIPS 140-2 Non ...

csrc.nist.gov

Hangzhou Hikvision Digital Technology Co., Ltd. affirms that the module runs correctly on the following network camera and NVR models: • Network Cameras: model names starting with DS-2CD2.

  Technology, Digital, Hikvision, Hangzhou, Hangzhou hikvision digital technology

A Method for Quantitative Risk Analysis - NIST

A Method for Quantitative Risk Analysis - NIST

csrc.nist.gov

It does, however, present its results in a management-friendly form of monetary values, percentages, and probabilities. Since the Office of Management and ... A Method for Quantitative Risk Analysis James W. Meritt. There are two primary methods of risk analysis: Analysis.

  Analysis, Management, Methods, Risks, Inst, Quantitative, Method for quantitative risk analysis

Related documents

GUIDANCE FOR THE CORONAVIRUS CAPITAL PROJECTS FUND

GUIDANCE FOR THE CORONAVIRUS CAPITAL PROJECTS FUND

home.treasury.gov

Social Security Act (the Statute), as added by Section 9901 of the American Rescue PlanAct of ... access to high-quality internet can enable work, education, and health access, and that individuals ... simultaneously telework and engage in remote learning. Recipients will be required to report pricing data as part of program performance and ...

  Security, Access, Remote, Telework

DR4080-811-002, Telework and Remote Work Programs

DR4080-811-002, Telework and Remote Work Programs

www.usda.gov

for managing the Telework and Remote Work Programs within the United States Department of Agriculture (USDA). Effective use of telework and remote work enables USDA to recruit and retain a diverse workforce. Telework and remote work …

  Remote, Telework, Telework and remote

2021 Guide to Telework and Remote Work in the Federal ...

2021 Guide to Telework and Remote Work in the Federal ...

www.telework.gov

2021 Guide to Telework and Remote Work in the Federal Government is designed to replace the contents of OPMs Guide to Telework in the Federal Government. This new guide offers resources to help contextualize the continued evolution of telework and remote work as critical workplace flexibilities given the

  Remote, Telework, Telework and remote

WORKER PROTECTIONS DURING THE COVID-19 OUTBREAK

WORKER PROTECTIONS DURING THE COVID-19 OUTBREAK

www.chicago.gov

Apr 08, 2020 · (or telework) due to one of the following reasons for leave: 1. The employee is subject to a federal, state or local quarantine or isolation order related to COVID–19. 2. The employee has been advised by a health care provider to self-quarantine due to concerns related to COVID–19. 3.

  Protection, During, Worker, Telework, Worker protections during

Related search queries

Security, Access, Telework, Remote, Telework and remote, WORKER PROTECTIONS DURING