3.4 Remote Access Policy

00:01

Hello and welcome back to I t. Security policy here on Cyber Eri.

00:06

This is Model three, the remote access policy with myself. Troy Lemaire

00:12

When this learning objective will have two things that we're gonna focus on the responsibility and then the requirements,

00:21

let's get into the policy itself. It's another Sands template policy

00:26

in the overview we're gonna look at remote access is for our corporate network, and it's essentially maintain our team's productivity. But in many cases, remote access originate from networks that may already be a compromise. Are at a significantly lower security posture than our corporate network.

00:43

The purpose of the policies to define rules and requirements for connecting to the network from any hosts. The rules. A requirement designed to minimize potential exposure

00:52

damages, which may result from unauthorized use of companies. Resource is,

00:57

if we go ahead and look at the scope of the policy, is gonna apply to all employees, contractors of injures and agents

01:03

with own or personally owned computers or workstations that connect to the company's network.

01:11

The policy applies to remote access connections used to do work on behalf of the company,

01:18

So if we look at the policy itself

01:21

basically remote access policy. If you boil it down, is gonna give the information that's needed for anybody that wants to connect in remotely

01:29

from outside into the company's network. To use any of the company's resource is to do their work.

01:34

This is tricky because a lot of times, if you have personal equipment, that personal equipment might not have the same standards as company own equipment. And so they might be more susceptible to things like viruses or malware. Things like that that once you remotely access something on the network could spread that into your own company's network. So you want to be very

01:55

specific

01:56

in what is allowed in what is not allowed within the remote access policy.

02:02

So in the policy is the responsibility of all these people that work for the company to ensure the remote connection is giving the same consideration as on site connections.

02:13

General access to the Internet for recreational use. The company network is limited,

02:19

and when you access the company's network from a personal computer, authorized users are responsible preventing

02:24

access to any computer resource. Our data by non authorized users

02:30

doing anything illegal through the company's network is prohibited

02:35

and the user bears responsibility for, and the consequences of any of the

02:40

misuse of the authorized access

02:45

is authorized access. Excuse me. Authorized users will not use the networks to access the Internet for outside business interests.

02:53

So now that we get into the requirements of the actual policy,

02:58

this is gonna be the section that you're going to look at to modify to fit whatever is going on within your organization and the standards that you want the staff to comply with

03:07

some of the requirements that you can use here. Secure remote access must be strictly controlled with encryption,

03:15

such as a VPN.

03:16

Authorized users shall protect their log in and password even from family members.

03:23

And while using company owned computer remotely connected a network,

03:28

the user shall ensure the remote host is not connected to any other network at the same time,

03:32

the exception of personal networks that are under the complete control or under complete control of an authorized user. Our third party,

03:38

basically what that piece is saying, is that they're not gonna go down to their local Starbucks, get on the Starbucks WiFi and then try to connect into the company's

03:47

resource is

03:52

all host. They're connected. The company's internal network via remote access technologies must use the most up to date antivirus software.

03:59

If you're gonna have that, you're gonna need a way to enforce it.

04:01

A lot of times you can use certain tools, and we'll get into that in the next section. But those tools will be able to control what type of

04:11

and I virus are. Other mechanisms for security or used on their personal equipment

04:17

and the personal equipment used to connect to the network must meet the requirements

04:21

of the hardware and software configuration standards.

04:27

We look at what we tried, including every policies, compliance of the policy and just says that we're gonna be able to verify through various methods that this policy is being enforced.

04:39

In the end, noncompliance, any employee found that violate the policy subject to display an action up to and including termination of employment.

04:50

So in this lecture today, we cover remote access policy,

04:54

cover the responsibility as well as the requirements

05:00

recap question the authorized users bear responsibility for and the consequences of blank of the authorized users access

05:09

that is the misuse of the access

05:13

Second recap question authorized users shall protect their log in and password even from,

05:20

and that would be family members. You have to be very Larry, because if these people are doing things at home,

05:27

they're gonna have to be able to make sure that their family can't see what they're doing on their computers as well as not knowing their log in and password information.

05:39

We're looking forward. Our next lecture is gonna be on actual remote access tools policy that goes along with this remote access policy

05:47

sessions or clarification.

05:49

Message me on the side. Very message. My user name is that Troy Lemaire