Difference between revisions of "Secure Remote Working - Overview"

What is Teleworking?

Teleworking by definition is an arrangement between an employee and the employer in which the employee does not commute to their physical work space, but can use the internet and other digital mediums to complete work.

Methods of teleworking include

• Tunneling - using a secure communications tunnel between a device and a remote access server, usually through a VPN.

• Portals - a server that offers access to one or more application via a single interface.

• Direct Application Access - directly connecting and accessing an application without the use of any remote access software.

• Remote Desktop (RDP or VNC) - remotely control a particular host machine through the internet.

Threats and Challenges posed by Teleworking

By connecting via the internet to potentially classified or sensitive applications or data, there are threats to the safety and security of that information.

Secure Issues Include:

• Lack of physical security - devices can be stolen, drives can be copied, or shoulder surfing.
• Unsecured Networks - connecting on networks that are unsecured such as cafe wifi networks, hotel wifi and other open public networks are easy targets for man-in-the-middle attacks and eavesdropping.
• Providing Internal Access Externally - servers will be facing the internet therefore increasing the potential risk and vulnerability of being compromised.

Key Considerations

Mitigation and Prevention Measures

References

• Secure Teleworking Bulletin - NIST Publication
• Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security - NIST Publication
• Telework Security Issues - CCCS Publication
• Virtual Private Networks - CCCS Publication