Changes

Jump to navigation Jump to search
Created page with "__NOTOC__ top|center|frameless {| class="wikitable" style="align:center; border-top: #000000 2px solid; border-bottom: #000000 2px solid; border-lef..."
__NOTOC__
[[File:telework-nobg.png|top|center|frameless]]
{| class="wikitable" style="align:center; border-top: #000000 2px solid; border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1125px"
|-
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Teleworking |User Considerations]]
! style="background: #2e73b6; color: red" width="250px" height="40px" scope="col" |[[Secure Teleworking Technical Considerations|Technical Considerations]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Use of Collaboration Tools|Secure Use of Collaboration Tools]]
|}
{| style="width:1125px;"
|-
| style="backgound:#2e73b6;width:1000px;text-align:left;weight:normal;" scope="col" |
==What is Teleworking?==
As cloud technology, collaborative applications and internet connectivity increase, teleworking is becoming more prevalent than ever before. Teleworking is often done through the following ways:

*Tunneling - using a secure communications tunnel between a device and a remote access server, usually through a VPN.

*Portals - a server that offers access to one or more application via a single interface.

*Direct Application Access - directly connecting and accessing an application without the use of any remote access software.

*Remote Desktop(via RDP or VNC) - remotely control a particular host machine through the internet.

==Threats and Challenges posed by Teleworking==
By connecting via the internet to potentially classified or sensitive applications or data, there are threats to the safety and security of that information.

Security issues may include:
*Lack of physical security - devices can be stolen, drives can be copied, or people can shoulder surf.
*Unsecured Networks - connecting on networks that are unsecured such as cafe, hotel and other open public networks are easy targets for exploitation.
*Providing Internal Access Externally - servers will be facing the internet therefore increasing the potential risk and vulnerability of being compromised.
*Out of Date Software - When using personal devices system updates and patches cannot be guaranteed.

==Mitigation and Prevention Measures==
As the employee will be connect via the internet to potentially classified data and applications it is important that measures are taken to reduce the risk of a security breach.

Some helpful considerations to implement include:
*Mandate the use of multi-factor authentication. Some of these techniques include using an authenticator app, phone verification, etc...
*Develop and deploy a tiered access control system that ensures permissions are segregated.
*Ensure remote servers, user endpoints such as smartphones, tablets, laptops and desktops are regularly patched.
*Secure all remote devices by using anti-malware software and implementing strong firewall rules.
*Use validated encryption to protect data.
*Encrypt device storage such as hard drives, SD Cards, USB Keys, etc...
*Devise policies that detail how a teleworker will access applications remotely as well as what applications and parts of the network they have access to.
*Disable or limit the ability to install applications on devices such as laptops and smartphones.
*Use CCCS/CSE [https://cyber.gc.ca/sites/default/files/publications/itsp.40.111-eng_1.pdf approved cryptography] when applicable.

==Home Network Hardening==
Out of the box, most routers have generic passwords, are out of date, and often contain exploits that can easily be used to intercept, manipulate and store network traffic. However, there are a number of actions that you can take to mitigate these security issues at home. The following were taken from a CyberScoop report that details measures to protect home networks.

*Enable Auto-Updates on endpoint devices. Not only on laptops and smartphones but also on the router itself.
*Disable remote management and administrator function.
*Change the routers default password to something that is unique and adheres to the GC Password Guidance.
*Ensure that any web-based management account for the router is also using a strong, unique password.
*Place IoT devices on a separate router or VLAN.
*Double check which device address' are connecting to the router if possible.

For more information, check out this [https://www.cyberscoop.com/dns-hijacking-covid-19-oski-bitdefender-telework/ CyberScoop report].

== References ==
*[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2020-03.pdf Secure Teleworking Bulletin - NIST Publication]
*[https://doi.org/10.6028/NIST.SP.800-46r2 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security - NIST Publication]
*[https://cyber.gc.ca/sites/default/files/publications/itsap.10.016-eng.pdf Telework Security Issues - CCCS Publication]
*[https://cyber.gc.ca/sites/default/files/publications/ITSAP.80.101-en.pdf Virtual Private Networks - CCCS Publication]
*[https://wiki.gccollab.ca/images/2/28/Guidance_for_the_Secure_Use_of_Collaboration_Tools.pdf Guidance For the Secure Use of Collaboration Tools - TBS]
*[https://wiki.gccollab.ca/images/4/4e/Orientation_sur_la_facilitation_de_l%E2%80%99acc%C3%A8s_aux_services_Web.pdf Orientation sur la facilitation de l’accès aux services Web - SCT]
*[https://onezero.medium.com/slack-zoom-google-hangouts-are-your-remote-work-apps-spying-on-you-cf1e33809cf7 Slack, Zoom, Google Hangouts: Are Your Remote Work Apps Spying on You?]
*[[:en:images/9/90/EN_-_Starter_guide_for_taking_part_in_a_Zoom_call.pdf|Starter Guide for Taking Part in a Zoom Call - EN]]
*[[:en:images/0/09/FR_-_Guide_de_démarrage_pour_participer_un_appel_Zoom.pdf|Guide de démarrage pour participer un appel Zoom - FR]]
*[https://cyber.gc.ca/sites/default/files/publications/itsp.40.111-eng_1.pdf Cryptographic Algorithms for Unclassified, Protected A and Protected B Information - ITSP.40.111]
|}

Navigation menu

GCwiki