Mon Sep 29 18:51:59 PDT 2014

Zones: Remote access: How is access to internal zones from distant locations (including wireless) facilitated?


Options:

Option 1: Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
Option 2: Use controlled configurations for distant environments and provide access through terminal servers.
Option 3: Use remote dial-in access with telephones and modems from controlled environments for distant access.
Option 4: Use remote dedicated connectivity from controlled environments for distant access.
Option 5: Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Option 6: Don't allow distant access to internal zones.

Decision:

The following approach to remote access to internal zones is suggested:

Risk | Zone | Approach
High | Restricted | Don't allow distant access to internal zones.
High | Control | Don't allow distant access to internal zones.
High | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use remote dedicated connectivity from controlled environments for distant access. AND Use temporary encrypted remote access connections to terminal servers or microzones with controlled configurations, surveillance, recording, and limited actions for remote diagnosis, maintenance, and supervised activities for limited time frames.
High | Audit | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use controlled configurations for distant environments and provide access through terminal servers. AND Use remote dedicated connectivity from controlled environments for distant access.
Medium | Restricted | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND [Use remote dedicated connectivity from controlled environments for distant access. OR Use controlled configurations for distant environments and provide access through terminal servers.]]
    OR Use temporary encrypted remote access connections to microzones with controlled configurations, surveillance, and recording for remote supervised activities for limited time frames.
Medium | Control | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND [Use remote dedicated connectivity from controlled environments for distant access. OR Use controlled configurations for distant environments and provide access through terminal servers.]]
    OR Use temporary encrypted remote access connections to terminal servers with controlled configurations, recording, and limited actions for supervised activities for limited time frames.
Medium | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
    OR Use controlled configurations for distant environments and provide access through terminal servers.
    OR Use remote dial-in access with telephones and modems from controlled environments for distant access.
    OR Use remote dedicated connectivity from controlled environments for distant access.
    OR Use temporary encrypted remote access connections to terminal servers with controlled configurations, surveillance, and recording for remote diagnosis and maintenance for limited time frames.
    OR Use temporary encrypted remote access connections to microzones with controlled configurations and surveillance for supervised activities for limited time frames.
Medium | Audit | [Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them. AND Use controlled configurations for distant environments and provide access through terminal servers.]
Low | Restricted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
    OR Use controlled configurations for distant environments and provide access through terminal servers.
    OR Use remote dial-in access with telephones and modems from controlled environments for distant access.
    OR Use remote dedicated connectivity from controlled environments for distant access.
    OR Use temporary encrypted remote access connections to terminal servers with surveillance and recording for remote diagnosis, maintenance, and/or supervised activities for limited time frames.
Low | Control | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
    OR Use controlled configurations for distant environments and provide access through terminal servers.
    OR Use remote dial-in access with telephones and modems from controlled environments for distant access.
    OR Use remote dedicated connectivity from controlled environments for distant access.
    OR Use temporary encrypted remote access connections to terminal servers with surveillance and recording for remote diagnosis, maintenance, and/or supervised activities for limited time frames.
Low | Trusted | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
    OR Use controlled configurations for distant environments and provide access through terminal servers.
    OR Use remote dial-in access with telephones and modems from controlled environments for distant access.
    OR Use remote dedicated connectivity from controlled environments for distant access.
    OR Use temporary encrypted remote access connections to terminal servers and/or microzones with recording for remote diagnosis, maintenance, and/or supervised activities.
Low | Audit | Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
    OR Use controlled configurations for distant environments and provide access through terminal servers.
    OR Use remote dial-in access with telephones and modems from controlled environments for distant access.
    OR Use remote dedicated connectivity from controlled environments for distant access.
    OR Use temporary encrypted remote access connections to terminal servers and/or microzones with recording for supervised activities.
Remote access to internal zones

Basis:

Provide equivalent protection in every way for distant systems and environments and use authenticated encrypted tunnels to connect them.
In most cases, a remote location with equivalent protection in every way should be allowed to connect through adequately secured infrastructure, assuming this doesn't exceed risk aggregation thresholds or violate regulatory, contractual, or other similar mandates.

Use controlled configurations for distant environments and provide access through terminal servers.
Controlled configurations provide a modicum of protection for remote, particularly mobile, systems. By augmenting this with locally controlled terminal services, heavily managed internal mechanisms can provide assurance as well as extensive detection and auditing capabilities, and provide reasonable access and reasonable protection for many cases.

Use remote dial-in access with telephones and modems from controlled environments for distant access.
Remote dial-in access from controlled environments provides a low-speed and often independent method of communicating. To the extent that this is different or harder to simultaneously attack, it brings benefits in mitigation of common mode failure risks as well as elsewhere.

Use remote dedicated connectivity from controlled environments for distant access.
Remote dedicated connectivity, typically in the form of leased lines that have cryptographic coverage provided by the vendor, provides high speed, partially independent, and harder to interfere with connectivity between locations.

Use temporary {encrypted} remote access connections to {terminal servers, microzones} {with controlled configurations, surveillance, recording, limited actions} for remote {diagnosis, maintenance, supervised activities} for limited time frames.
Temporary remote connections are typically controlled by {user access / port / line / device / VPN with VM} {disablement / disconnect / power down / shutdown} during non-use periods and {enablement / connection / power up / startup} only during use periods. Cryptographic protection is commonly used along with normal access controls or microzone controls to prevent interception and/or alteration of control and data en route. Connections may be direct to devices or through microzones or terminal servers that then perform the operations from there using controlled configurations. Remote diagnosis and maintenance may be surveilled and recorded and actions may be restricted, for example to be read-only for audit records or to lock out changes without additional authorization. Similarly, supervised activities may take place in microzones under direct supervision of the operator of the VM in use for the microzone. Supervision in this context implies continuous presence and attention by the microzone operator, and represents a form of shared simultaneous use. As such, supervision requires proper user behavior by the supervisor.
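An added example (not from the original page) of the temporary-access controls described above: a default-deny check that enables a connection only during its use period, restricts actions, requires supervisor presence for supervised activities, and records every attempt. The Grant fields, the authorize function, and sample names such as vendor1 and ts-01 are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Grant:
    """One temporary remote-access grant (all field names are hypothetical)."""
    user: str
    target: str                 # a terminal server or microzone
    purpose: str                # "diagnosis", "maintenance" or "supervised"
    start: datetime             # connection is enabled only from start ...
    end: datetime               # ... until end (the limited time frame)
    allowed_actions: frozenset  # e.g. {"read"} keeps audit records read-only
    encrypted: bool = True
    audit: list = field(default_factory=list)  # recording of every attempt

def authorize(grant, user, target, action, now, supervisor_present=False):
    """Return (allowed, reason). Default is deny; every attempt is recorded."""
    if user != grant.user or target != grant.target:
        verdict = (False, "no grant for this user/target")
    elif not grant.encrypted:
        verdict = (False, "unencrypted connection")
    elif not (grant.start <= now < grant.end):
        verdict = (False, "outside use period: connection stays disabled")
    elif grant.purpose == "supervised" and not supervisor_present:
        verdict = (False, "supervisor not present")
    elif action not in grant.allowed_actions:
        verdict = (False, "action locked out without additional authorization")
    else:
        verdict = (True, "ok")
    grant.audit.append((now.isoformat(), user, target, action) + verdict)
    return verdict

def demo():
    """Constructed sample: a 2-hour read-only diagnosis window on a terminal server."""
    t0 = datetime(2014, 9, 29, 9, 0, tzinfo=timezone.utc)
    g = Grant("vendor1", "ts-01", "diagnosis", t0, t0 + timedelta(hours=2),
              frozenset({"read"}))
    results = [
        authorize(g, "vendor1", "ts-01", "read", t0 + timedelta(minutes=30)),
        authorize(g, "vendor1", "ts-01", "write", t0 + timedelta(minutes=31)),
        authorize(g, "vendor1", "ts-01", "read", t0 + timedelta(hours=3)),
    ]
    return [r[0] for r in results], len(g.audit)

if __name__ == "__main__":
    print(demo())
```

Denied attempts are recorded alongside allowed ones, so the audit list doubles as the surveillance record for the session.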

Don't allow distant access to internal zones.
For some high risk situations, it is simply too risky to allow external locations to connect into internal network areas.

A cautionary note: The structure of the decisions here should take into account that remote access may be from parties of different trust characteristics. For example, for high risk situations, providing equivalent protection in every way implies that the same trust levels for personnel at the remote location apply as at the local location. But as soon as this restriction is removed, there is a potentially far larger population with different trust characteristics to deal with.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved