The Remote Access Security Checklist
The checklist of must-haves for any remote access policy.
Remote Access Policy Security Checklist
Antivirus software with real-time protection enabled - Make sure company-approved antivirus software is included on all remote access devices and set to update regularly.
Required personal firewall - In addition to antivirus software, a personal firewall should be configured and enabled on all remote devices. If a threat is detected all communications should be blocked.
Defined operating systems - Only allowed operating systems should be able to connect to the corporate network. If your company only uses and supports Windows computers, you should disallow *nix, Macs, etc.
Time out periods – Should be defined and set to when there is no activity on the computer. If there is no activity for 30 minutes for example, enforce a policy so the connection terminates. Be careful to test and make sure a download or upload triggers activity.
Targeted access to systems while on VPN - Only allow access to necessary internal resources. If a department only accesses one application on your internal network only provide them with access to that application.
Non-Disclosure Agreement - Vendors, third party companies, and even employees should sign an NDA in order to gain remote access. This will help protect any confidential information.
The checklist of must-haves for any remote access policy.
Remote Access Policy Security Checklist
Antivirus software with real-time protection enabled - Make sure company-approved antivirus software is included on all remote access devices and set to update regularly.
Required personal firewall - In addition to antivirus software, a personal firewall should be configured and enabled on all remote devices. If a threat is detected all communications should be blocked.
Defined operating systems - Only allowed operating systems should be able to connect to the corporate network. If your company only uses and supports Windows computers, you should disallow *nix, Macs, etc.
Time out periods – Should be defined and set to when there is no activity on the computer. If there is no activity for 30 minutes for example, enforce a policy so the connection terminates. Be careful to test and make sure a download or upload triggers activity.
Targeted access to systems while on VPN - Only allow access to necessary internal resources. If a department only accesses one application on your internal network only provide them with access to that application.
Non-Disclosure Agreement - Vendors, third party companies, and even employees should sign an NDA in order to gain remote access. This will help protect any confidential information.
No comments:
Post a Comment