Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this
5Activity
P. 1
Guide to Enterprise Telework and Remote Access Security (Draft)

Guide to Enterprise Telework and Remote Access Security (Draft)

Ratings: (0)|Views: 115 |Likes:
Published by Chris Nash
Many organizations’ employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an organization’s non-public computing resources. The nature of telework and remote access technologies—permitting access to protected resources from external networks and often external hosts as well—generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal resources made available to teleworkers through remote access.
All the components of telework and remote access solutions, including client devices, remote access servers, and internal resources accessed through remote access, should be secured against expected threats, as identified through threat models. Major security concerns include the lack of physical security controls, the use of unsecured networks, the connection of infected devices to internal networks, and the availability of internal resources to external hosts. This publication provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework and remote access technologies. It also gives advice on creating telework security policies.
Many organizations’ employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an organization’s non-public computing resources. The nature of telework and remote access technologies—permitting access to protected resources from external networks and often external hosts as well—generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal resources made available to teleworkers through remote access.
All the components of telework and remote access solutions, including client devices, remote access servers, and internal resources accessed through remote access, should be secured against expected threats, as identified through threat models. Major security concerns include the lack of physical security controls, the use of unsecured networks, the connection of infected devices to internal networks, and the availability of internal resources to external hosts. This publication provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework and remote access technologies. It also gives advice on creating telework security policies.

More info:

Published by: Chris Nash on Feb 26, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/17/2011

pdf

text

original

 
Special Publication 800-46Revision 1 (Draft)
Guide to Enterprise Teleworkand Remote Access Security(Draft)
Recommendations of the National Instituteof Standards and Technology
Karen ScarfonePaul HoffmanMurugiah Souppaya
 
 
Guide to Enterprise Telework and RemoteAccess Security (Draft)
Recommendations of the National Institute of Standards and Technology 
Karen ScarfonePaul HoffmanMurugiah Souppaya
NIST Special Publication 800-46Revision 1 (Draft)
C O M P U T E R S E C U R I T Y
Computer Security DivisionInformation Technology LaboratoryNational Institute of Standards and TechnologyGaithersburg, MD 20899-8930February 2009
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
National Institute of Standards and Technology
 
Dr. Patrick D. Gallagher, Deputy Director
 
G
UIDE TO
E
NTERPRISE
T
ELEWORK AND
R
EMOTE
A
CCESS
S
ECURITY
(DRAFT)
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’smeasurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical,administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-seriesreports on ITL’s research, guidance, and outreach efforts in computer security and its collaborativeactivities with industry, government, and academic organizations.
Certain commercial entities, equipment, or materials may be identified in thisdocument in order to describe an experimental procedure or concept adequately.Such identification is not intended to imply recommendation or endorsement by theNational Institute of Standards and Technology, nor is it intended to imply that theentities, materials, or equipment are necessarily the best available for the purpose.
National Institute of Standards and Technology Special Publication 800-46 Revision 1 (Draft)Natl. Inst. Stand. Technol. Spec. Publ. 800-46rev1, 41 pages (Feb. 2009)
ii

Activity (5)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
rezazadeh5671 liked this
sheeba_ro liked this
deemer99 liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->