Please enable JavaScript.

Coggle requires JavaScript to display documents.

10.4.5 (Remote Access Security (Remote access risk includes the following:…

- - - - connectivity options available,ISPs managinf modems, dial in servers , DSL reduces cost
      - To effectively use this option, organizations establish a virtual private network over the Internet to securely communicate data packets over this public infrastructure
        
        :+1::skin-tone-4: ubiquity, ease of use, inexpensive connectivity, and read, inquiry or copy only access
        
        :-1::skin-tone-5:less reliable than dedicated circuits, lack a central authority, and
        can be difficult to troubleshoot
        
        create holes in their security infrastructure. HOWEVER, IDSs decrypt network data and ecrypt then forward to VPN end point , cause a preventive control
    - - :+1::skin-tone-5:greater performance gains in data throughput and reliability, and data on a dedicated link belonging to the subscribing organization,
      - :-1::skin-tone-4:4 to 5 times higher cost
    - - network access server (NAS) works in concert with an organization’s network firewall and router configuration.
        
        NAS handles user authentication, access control and accounting, while maintaining connectivity
        
        calls into the network are received, and as a good security practice, the call is terminated after recording the calling number and performing preliminary authentication procedures
        
        Call back procedure then can be initiated
        
        control can be circumvented through effective
        implementation of call-forwarding mechanisms.
        
        :+1::skin-tone-5:of dial-up connectivity are its low end-user costs (local phone calls) and that it is intuitive and easy to use (familiarity)
        
        :-1::skin-tone-5: related to performance
  - - - remote users may not be able to gain access to data or applications that are vital for them to carry out their day-to-day business
    - - these may gain access to critical applications or sensitive data by exploiting weaknesses in communications software and network protocols
    - - may result in unauthorized access or modification of an organization’s information resources
- - - - Access rules (authorization) specify who can access what :spiral_note_pad:
    - - To provide security authorizations for the files and facilities listed previously,
        
        logical access control mechanisms use access authorization tables, also referred to as access control lists (ACLs) or access control tables.
      - refer to a register of:
        
        • Users (including groups, machines and processes) who have permission to use a particular system resource
        
        • The types of access permitted
- - - - advantages of conducting security in a decentralized environment are:
        
        • The security administration is onsite at the distributed location.
        
        • Security issues are resolved in a timely manner.
        
        • Security controls are monitored on a more frequent basis.
      - risk associated with distributed responsibility for security administration includes:
        
        • Local standards might be implemented rather than those required by the organization.
        
        • Levels of security management might be below what can be maintained by a central administration.
        
        • Management checks and audits that are often provided by central administration to ensure that standards are maintained might be unavailable.
      - many ways to control remote and distributed sites:
        
        • Software controls over access to the computer, data files and remote access to the network should be implemented.
        
        • The physical control environment should be as secure as possible, with additions, such as lockable terminals and a locked computer room.
        
        • Access from remote locations via modems and laptops to other microcomputers should be controlled appropriately
        
        .• Opportunities for unauthorized people to gain knowledge of the system should be limited by implementing controls over access to system documentation and manuals.
        
        • Controls should exist for data transmitted from remote locations, such as sales in one location that update accounts receivable files at another location.
        
        The sending location should transmit control information, such as transaction control totals, to enable the receiving location to verify the update of its files
        
        . When practical, central monitoring should ensure that all remotely processed data have been received completely and updated accurately.
        
        • When replicated files exist at multiple locations, controls should ensure that all files used are correct and current and, when data are used to produce financial information, that no duplication arises.