Murugiah Souppaya, Karen Scarfone
Résumé: For many organizations, their employees, contractors, business partners, vendors, and/or other users utilize enterprise telework technologies to perform work from external locations. Most of these people use remote access technologies to interface with an organization’s non-public computing resources. The nature of telework and remote access technologies—permitting access to protected resources from external networks and often externally controlled hosts as well—generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal resources made available to users through remote access.
All the components of telework and remote access solutions, including client devices, remote access servers, and internal resources accessed through remote access, should be secured against expected threats, as identified through threat models. Major security concerns include the lack of physical security controls, the use of unsecured networks, the connection of infected devices to internal networks, and the availability of internal resources to external hosts.