Description:

Remote access is access to organizational systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate control (e.g., employing encryption techniques for confidentiality protection), may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. VPNs with encrypted tunnels can affect the capability to adequately monitor network communications traffic for malicious code.  Automated monitoring and control of remote access sessions allows organizations to detect cyber-attacks and help to ensure ongoing compliance with remote access policies by auditing connection activities of remote users on a variety of system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).  [SP 800-46], [SP 800-77], and [SP 800-113] provide guidance on secure remote access and virtual private networks.


Priority: High 


Category: Network Security 


Services Associated with AWS: 

  • AWS CloudTrail, AWS VPC Flow Logs, Amazon Guard Duty
  • AWS Client VPN, AWS Direct Connect, AWS Site-to-Site VPN, AWS Identity and Access Management (IAM)


Objective Evidence: 

  • Administrative: documented policies, standards & procedures 
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations 
  • Administrative: supporting documentation of VPN log reviews being performed 
  • Technical: screen shot of firewall/VPN settings 


Possible Technology Considerations: 

  • VPN Concentrator Secure Baseline Configurations (SBC) 


What needs to be answered: 

If there is remote access, is there logging, monitoring, and managing of the remote access system? Do you use firewalling?


  • Ensure Adequate Monitoring of Remote Access Sessions
    Description: This check ensures that all remote access sessions are adequately monitored. Effective monitoring can help detect cyber-attacks and ensure ongoing compliance with remote access policies by auditing the connection activities of remote users.
  • Validate Remote Access Control Mechanisms
    Description: This check verifies that control mechanisms are in place for remote access sessions, including the appropriate use of encrypted virtual private networks (VPNs) to enhance confidentiality.
  • Ensure Encryption for Remote Access Sessions
    Description: This check confirms that all remote access sessions employ adequate encryption techniques for confidentiality protection. This check is particularly relevant if VPNs are used to treat such connections as internal networks.
     

More details: IT administrators monitor and log remote access activity via dedicated monitoring software.