2 hours 23 minutes
hello and welcome back to the I T. Security policy here on Sai Bury. This is a continuation of Module three. This is the remote access tool policy,
and it is starting myself. Try Lemaire here on Side Berry.
If we look at the learning objective for this training, we're gonna look at approve software lists as well as the requirements that are needed for remote access tools.
So once again, we're looking at a Sands template policy.
The overview talks about how what remote desktop software is. It's known as remote access tools. Also, it provides a way for computers and support. Staff would like to share screens, access work, computers. And then it gives examples of such software that you can use examples of these. Log me and go to my P, c, B, N c. And when those remote desktop
remote access software changes a lot, so you might need to put other examples in here of other ones that you know that are happening within the organization. And that's where you would want to go in and modify this
policy purpose. It defines the requirements, remote access tools to use at the company,
and the scope The policy applies to all remote access,
whether either end of the communication terminates at a computer asset of the company.
So if we look at the body of the policy, all remote access tool used to communicate between the company assets and other systems must comply with the following policy requirements.
Though talks about remote access tools provides a mechanism to collaborate between Internet users and external partners
and the proof software list could be obtained from and you would put a place where you can get the listing of the approved software that you have that should that should be looked at on a pretty regular basis, at least on an annual basis to make sure that nothing is not being used anymore. And there's nothing new out there that people have started using within your organization.
The proof software list may change at any time, but following crimes will be used for selecting approved products.
All remote tools or systems that allow communication Resource is from the Internet or external partners must require multi factor authentication
and authentication tokens or smart cords or examples on they must require a pin. Our password
of identification database source must be act directory LDA Piss that if that's what you're using within your organization,
remote access tools must support the company application lee a proxy rather than direct community connections through the perimeter. Far wall
phone access to a must support strong in an encryption of the remote access communication channels as specified in the network. Encryption protocols policy
and all anti virus data. Lost protection. Other security systems must not be disabled with interfered with our circumvented it. Anyway.
Writing all mod access to it must be purchased through the standard company procurement process,
and the information technology must approve the purchase. What you really having that for if you don't want different departments to go in and use our by their own remote access tool that you know nothing about something that's not on the dinner approved list so that you can at least keep up some kind of inventory in regards to the tools that are being used without your within your organization.
So, in summary, today's reflector we discussed most access tools policy and the Proof software list and then the requirements for that
recap question. Because proper configuration is important for secure use of the tools,
blank blank procedures, air provided for each of the proof tools,
and that would be mandatory configuration procedures.
Another recap question.
All remote access tools must be purchased through the blank procurement process,
and that would be the standard procurement process.
Looking forward in our next lecture, we're gonna look at wireless security policy, which is still part of network policies.
Look forward to you joining me for that one. If you have any questions or clarifications, reach me on the cyber ery message. My user name Is that Troy Lemaire
once again, thank you for attending this training on Cyber Harry.