NERC Guidance for Secure Interactive Remote Access, July 2011 National Institute of Standards and Technology (NIST), NIST Special Publication (SP) 800 -63-2 (2013) 22 Summary Interactive Remote Access must be managed by an Intermediate System(s) Interactive Remote Access does not originate on an Intermediate System or inside of an ESP
Full Answer
What are the best practices for securing remote access?
Best Practices for Securing Remote Access. RAS: The most basic form of VPN remote access is through a RAS. This type of VPN connection is also referred to as a Virtual Private Dial-up Network ... IPSec: IPSec is an IP packet authentication and encryption method. It uses cryptographic keys to protect ...
How to ensure optimum security while working from a remote location?
A mix of strategies is required to achieve optimum security while allowing appropriate, or even maximum, access to your employees while working from a remote location. Let’s dive right in. The first thing that’s required to ensure smooth remote access via a VPN is to plan out a comprehensive network security policy.
Should you allow remote employees access to your intranet?
Although a lot depends on which class a user is a member of, for most use cases, granting access to specific applications such as the remote employee’s mailbox on an exchange server, and a subset of URLs hosted on the intranet web server is just the right strategy. Why expose the entire network to risks?
What are the security considerations for Remote Desktop?
Security considerations for remote desktop include: Direct accessibility of systems on the public internet. Vulnerability and patch management of exposed systems. Internal lateral movement after initial compromise. Multi-factor authentication (MFA). Session security.
What is interactive remote access?
Interactive Remote Access means user-initiated access by a person employing a remote access client or other remote access technology using a routable protocol.
What are NERC CIP standards?
The NERC CIP standards require utility companies in North America to establish and adhere to a baseline set of cybersecurity measures. The goal is to ensure that appropriate security controls are in place to protect BES and its users and customers from all threats that may affect its timely and effective functioning.
What CIP 005?
Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter. Standard CIP-005 should be read as part of a group of standards numbered Standards CIP-002 through CIP-009.
How do I secure remote access to enterprise network?
7 Best Practices For Securing Remote Access for EmployeesDevelop a Cybersecurity Policy For Remote Workers. ... Choose a Remote Access Software. ... Use Encryption. ... Implement a Password Management Software. ... Apply Two-factor Authentication. ... Employ the Principle of Least Privilege. ... Create Employee Cybersecurity Training.
Is NERC CIP mandatory?
The NERC CIP standards are the mandatory security standards that apply to entities that own or manage facilities that are part of the U.S. and Canadian electric power grid.
How many CIP standards are there?
11 standardsSo, how many CIP standards are there? There are about 11 standards that help with the reliability of your cybersecurity system though the NERC plans on introducing more in the future. Within the standards, there are references to “critical assets” and “responsible entities”.
What CIP 004?
Purpose: Standard CIP-004-4 requires that personnel having authorized cyber or. authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness.
What CIP 003?
Standard CIP-003 requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Standard CIP-003 should be read as part of a group of standards numbered Standards CIP-002 through CIP-009.
What CIP 010?
Standard CIP-010 exists as part of a suite of CIP Standards related to cyber security, which require the initial identification and categorization of BES Cyber Systems and require a minimum level of organizational, operational and procedural controls to mitigate risk to BES Cyber Systems.
What are the examples of security considerations for remote users?
Five Remote Access Security Risks And How To Protect Against ThemWeak remote access policies. ... A deluge of new devices to protect. ... Lack of visibility into remote user activity. ... Users mixing home and business passwords. ... Opportunistic phishing attempts.
Which protocol would be best to use to securely access the remote network devices?
Remote Desktop Protocol or RDP is a communications protocol designed to manage remote access to desktops, files, systems, and even private networks.
Why is NERC CIP important?
The NERC CIP developed and designed a series of standards intended to protect any assets used to operate North America's Bulk Electric System (BES). North America includes, for the purposes of NERC CIP, the United States, Canada and Mexico.
What CIP compliant?
In 2008, (CIP) Critical Infrastructure Protection standards compliance framework was developed to mitigate cybersecurity attacks on the Bulk Electric System. While initially, these standards were not required, they were used to mitigate risk, later becoming an industry norm.
What does CIP stand for energy?
In 2013, the Federal Energy Regulatory Commission (FERC) approved changes and additions to Critical Infrastructure Protection (CIP) Reliability Standards, also known as CIP v5, which are a set of requirements for securing the assets responsible for operating the bulk power system.
What is a NERC registered entity?
Organization Registration Organization Registration identifies and registers Bulk-Power System users, owners, and operators who are responsible for performing specified reliability functions to which requirements of mandatory NERC Reliability Standards are applicable.
What is secure remote access?
What it means to provide secure remote access has changed considerably in the past few years as a result of new technologies and the pandemic. At its most basic, secure remote access is having location-agnostic connectivity among enterprise users and centralized applications, resources and systems, whether cloud-based or on premises.
Who is responsible for secure remote access?
Although remote access tools, such as VPNs and firewalls, are typically under the purview of network teams, in this new era, cybersecurity teams tend to lead and manage the policies, processes and technologies associated with ensuring secure remote access.
The diminishing power of VPNs
One tactic organizations use to combat the vulnerabilities associated with working remotely -- especially if employees are using consumer-grade systems -- is to reestablish VPN standards. This entails enforcing basic protections, such as strong passwords, multifactor authentication, role-based access and encryption.
Setting secure remote access policies
A hallmark of secure remote access is the underlying policy that safeguards access to and the use of enterprise resources, such as data, databases, systems and networks.
Components of the secure remote access ecosystem
Secure remote access touches just about every aspect of enterprise security. TechTarget has curated a series of guides to help IT and security professionals get up to speed on important technologies and concepts.
Zero trust and secure remote access
Cybersecurity and IT teams realize words like perimeter and trust are quickly becoming outdated as borders dissolve and the base of users that need access to resources expands. No longer are organizations protected by four castle walls, with a firewall moat keeping miscreants out.
SASE and secure remote access
Secure Access Service Edge is an emerging concept that combines network and security functions into a single cloud service, not only to alleviate traffic from being routed through the data center, but also to embrace a remote workforce, IoT adoption and cloud-based application use.
What is remote desktop service?
Remote Desktop Services are being used not only by employees for remote access, but also by many system developers and administrators to manage cloud and on-premises systems and applications. Allowing administrative access of server and cloud systems directly through RDP elevates the risk because the accounts used for these purposes usually have higher levels of access across systems and environments, including system administrator access. Microsoft Azure helps system administrators to securely access systems using Network Security Groups and Azure Policies. Azure Security Center further enhances secure remote administration of cloud services by allowing “just in time” (JIT) access for administrators.
What is the default port for remote desktop services?
Firewall rules may be labeled as “Remote Desktop” or “Terminal Services.”. The default port for Remote Desktop Services is TCP 3389, but sometimes an alternate port of TCP 3388 might be used if the default configuration has been changed.
Do on premises deployments have to consider performance and service accessibility?
On-premises deployments may still have to consider performance and service accessibility depending on internet connectivity provided through the corporate internet connection, as well as the management and maintenance of systems that remain within the physical network.
Is remote desktop service secure?
Although Remote Desktop Services (RDS) can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered before using this as a remote access strategy. One of these challenges is that attackers continue to target the RDP and service, putting corporate networks, systems, and data at risk ( e.g., cybercriminals could exploit the protocol to establish a foothold on the network, install ransomware on systems, or take other malicious actions). In addition, there are challenges with being able to configure security for RDP sufficiently, to restrict a cybercriminal from moving laterally and compromising data.
What is the line of defense for remote access?
So, you have a three-layer line of defense working to protect remote access to your network: anti-virus, firewall, and VPN. The network security team should monitor alerts from these defenses constantly.
What is the first thing that’s required to ensure smooth remote access via a VPN?
The first thing that’s required to ensure smooth remote access via a VPN is to plan out a comprehensive network security policy.
Why is IPSEC used?
This allows IPSec to protect data transmission in a variety of ways. IPSec is used to connect a remote user to an entire network. This gives the user access to all IP based applications. The VPN gateway is located at the perimeter of the network, and the firewall too is setup right at the gateway.
What are the implications of IPSec connections for corporations?
What are the implications of IPSec connections for corporations, considering the very nature of this connection? Well, your employee will only be able to access the network from a single, authorized device. Security is further boosted by the enforcement of antivirus and firewall policies.
What is IPSEC encryption?
IPSec is an IP packet authentication and encryption method. It uses cryptographic keys to protect data flows between hosts and security gateways.
Why use two factor authentication for VPN?
Adopting two-factor authentication for remote access through VPN further boosts your network security. Now let’s take a look at why you should choose a particular VPN type as a secure connection methodology instead of the alternatives.
What is remote access VPN?
The most basic form of VPN remote access is through a RAS. This type of VPN connection is also referred to as a Virtual Private Dial-up Network (VPDN) due to its early adoption on dial-up internet.
How does secure remote access work?
Every remote worker needs a way to connect with remote desktop services and applications that won't slow down their workflows. At the same time, IT administrators must manage those connections to ensure they don't leave the network open to threats.
Why is secure remote access important to remote work security?
Secure remote access approaches are so vital because it’s now impossible to control security at the endpoint. Each user in a remote or hybrid workforce is connecting to the network from a different type of computer or smartphone, and they’re using a variety of internet connections to log in.
Who needs privileged accounts?
Many organizations need to provide privileged accounts for two types of users: employees and external users, such as technicians and contractors. However, organizations using external vendors or contractors must protect themselves from potential threats from these sources.
What is SASE security?
SASE is a new security model, leveraging software-defined networking (SDN), that helps users connect securely to remote data centers. It includes technologies like cloud access security broker (CASB), secure web gateway (SWG), firewall as a service (FWaaS), and ZTNA (ZTNA, described above, can be a component within a SASE solution).
What is a VDI gateway?
VDI solutions provide dedicated gateway solutions to enable secure remote access.
What is RDP server?
RDP is a protocol originally developed by Microsoft, which enables remote connection to a compute system. RDP is also available for MacOs, Linux and other operating systems. The RDP server listens on TCP port 3389 and UDP port 3389, and accepts connections from RDP clients.
Is remote access technology progressing?
Remote access technology made great progress. There are many new ways for users to access computing resources remotely, from a variety of endpoint devices. Here are some of the technologies enabling secure remote access at organizations today.