Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Special Publication 800-114

User’s Guide to SecuringExternal Devices for Teleworkand Remote Access

Recommendations of the National Instituteof Standards and Technology

Karen ScarfoneMurugiah Souppaya

User’s Guide to Securing ExternalDevices for Telework and Remote Access

Recommendations of the National Institute of Standards and Technology

Karen ScarfoneMurugiah Souppaya

NIST Special Publication 800-114

C O M P U T E R S E C U R I T Y

Computer Security DivisionInformation Technology LaboratoryNational Institute of Standards and TechnologyGaithersburg, MD 20899-8930November 2007

U.S. Department of Commerce

Carlos M. Gutierrez, Secretary

National Institute of Standards and Technology

James Turner, Acting Director

U

SER

’

S

G

UIDE TO

S

ECURING

E

XTERNAL

D

EVICES FOR

T

ELEWORK AND

R

EMOTE

A

CCESS

Reports on Computer Systems Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’smeasurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical,administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-seriesreports on ITL’s research, guidance, and outreach efforts in computer security and its collaborativeactivities with industry, government, and academic organizations.

Certain commercial entities, equipment, or materials may be identified in thisdocument in order to describe an experimental procedure or concept adequately.Such identification is not intended to imply recommendation or endorsement by theNational Institute of Standards and Technology, nor is it intended to imply that theentities, materials, or equipment are necessarily the best available for the purpose.

National Institute of Standards and Technology Special Publication 800-114Natl. Inst. Stand. Technol. Spec. Publ. 800-114, 46 pages (Nov. 2007)

ii

of 00

Leave a Comment

User’s Guide to Securing External Devices for Telework and Remote Access

Many people telework (also known as telecommuting), which is the ability for an organization’s employees and contractors to conduct work from locations other than the organizati... (More) Many people telework (also known as telecommuting), which is the ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities. Teleworkers use various devices, such as desktop and laptop computers, cell phones, and personal digital assistants (PDA), to read and send email, access Web sites, review and edit documents, and perform many other tasks. Most teleworkers use remote access, which is the ability of an organization’s users to access its nonpublic computing resources from locations other than the organization’s facilities. Organizations have many options for providing remote access, including virtual private networks, remote system control, and individual application access (e.g., Web-based email).
Telework devices can be divided into two categories: personal computers and consumer devices (e.g., cell phones, PDAs, video game systems). Each telework device is owned by the organization or an external entity, either a teleworker or a third party. This publication provides recommendations for securing external devices used for telework and remote access. Many organizations limit the types of external devices that can be used for remote access and which resources they can use, such as permitting teleworker-owned laptops to access a limited set of resources and permitting all other external devices to access Web-based email only. This allows organizations to limit the risk they incur from external devices. When a telework device uses remote access, it is essentially a logical extension of the organization’s own network. Therefore, if the telework device is not secured properly, it poses additional risk to not only the information that the teleworker accesses but also the organization’s other systems and networks. For example, a telework device infected with a worm could spread the worm through remote access to the organization’s internal computers. Therefore, telework devices should be secured properly and have their security maintained regularly. (Less)

Download or Print

2,628 Reads

Info and Rating

Category:	Magazines/Newspapers
Rating:
Upload Date:	02/26/2009
Copyright:	Attribution Non-commercial
Tags:	Reports telework telecommuting computer wireless security Reports telework telecommuting computer wireless security (fewer)

Flag document for inapproriate content

Uploaded by

Download

Embed Doc
Copy Link
Add To Collection
Comments
Readcast
Share

×

Share on Scribd:

Readcast

TIP Press Ctrl-F⌘F to quickly search anywhere in the document.

Searching...

Result 00 of 00

00 results for result for

p.

Sections

More from This User

Related Documents

Mais Deste Usuário

A Relational Model of Data for Large Shared Data Banks

E. F. Codd's seminal paper that went from the mathematics of relational theor...

Comparing Performance of Solid State Devices and Mechanical Disks

Abstract—In terms of performance, solid state devices promise to be superior ...

User’s Guide to Securing External Devices for Telework and Remote A...

Many people telework (also known as telecommuting), which is the ability for ...

Guide to Enterprise Telework and Remote Access Security (Draft)

Many organizations’ employees and contractors use enterprise telework technol...

Unraveling A Well Woven Solo

I have always been fascinated by George Harrison’s guitar work, his precision...

Mathematics, Physics and "A Hard Day’s Night"

In this article we shall use mathematics and the physics of sound to unravel ...

Reconsidering Physical Key Secrecy: Teleduplication via Optical Dec...

The access control provided by a physical lock is based on the assumption tha...

Attacking and defending the McEliece cryptosystem

This paper presents several improvements to Stern's attack on the McEliece cr...

Television's Performance on Election Night 2000: A Report for CNN

The three authors of this report were asked by CNN to constitute an independe...

The MD6 Hash Function

Ron Rivest's proposal for a modern cryptographically secure hash function.

The Skein Hash Function Family

Skein is a new family of cryptographic hash functions. Its design combines sp...

When Good Instructions Go Bad: Generalizing Return-Oriented Program...

This paper reconsiders the threat posed by Shacham’s “return-oriented program...

The Geometry of Innocent Flesh on the Bone: Return-into-libc withou...

We present new techniques that allow a return-into-libc attack to be mounted ...

Designing and implementing malicious hardware

Hidden malicious circuits provide an attacker with a stealthy attack vector. ...

Catalan's Conjecture: Another Old Diophantine Problem Solved

Catalan's Conjecture predicts that 8 and 9 are the only consecutive perfect p...

Experiences Threat Modeling at Microsoft

Describes a decade of experience threat modeling products and services at Mic...

Cross-Cultural Analysis of Students with Exceptional Talent in Math...

At a conference held in January 2005, Lawrence Summers, then president of Har...

Cross-Site Request Forgeries: Exploitation and Prevention

Cross-Site Request Forgery (CSRF) attacks occur when a malicious web site cau...

On the potential for extinction by Muller's Ratchet in Caenorhabdit...

The self-fertile hermaphrodite worm C. elegans is an important model organism...

The ABC-conjecture

The product of the distinct primes in a number is called the radical of that...

Digital Computational Imaging

Imaging has always been the primary goal of informational optics. The whole h...

Review of the Safety of LHC Collisions

The safety of collisions at the Large Hadron Collider (LHC) was studied in 20...

Multi-hop whistler-mode ELF/VLF signals and triggered emissions exc...

google ogb article29 response

Opinie%20WP29%20zoekmachines

Related Docuements

2010teleworkreport

From Cecilia Francisca Ponce Ñanco

Office of Personnel Management (OPM) Telework Guide

The Bottom Line on Telework

Feds Telework 2011

Telework in the European Union

This report examines the phenomenon of telework in the EU – particularly in...

From Nicole Turbé-Suetens

Best Teleworking Company In Florida

Freedom TeleWork enables your company to expand your global presence and use ...

From Adam Gilli

Telework Trends US

From Coy Davidson

GSA Mobility and Telework Policy

July 2011: Implementing the Telework Enhancement Act of 2010: Secur...

July 2011 OMB Memo: Implementing theTelework Enhancement Act of 2010: Securit...

From Christopher Dorobek

U.S. House - H.R. 1722 via MyGov365.com

Telework Improvements Act of 2009 - Provided by MyGov365 - View the legislati...

Chance to Balance

From Jane L Luis

Telecommuting Act of Us Congress 2010

From Martin Jones Kuyu

H.R. 1722 - Enrolled-Bill - United States Congress via MyGov365.com

To require the head of each executive agency to establish and implement a pol...

H.R. 1722 - Introduced-in-House - United States Congress via MyGov3...

To require the head of each executive agency to establish and implement a pol...

H.R. 1722 - Reported-in-House - United States Congress via MyGov365...

To require the head of each executive agency to establish and implement a pol...