2.1 Remote Access Flashcards
What is a remote access
The means of providing remote connectivity to a corporate LAN through a data link.
What is the purpose of remote access
To give access to LAN-based resources to employees who are off-sites.
What is a Virtual Private Network (VPN)
En encrypted tunnel to protect transmission from any eavesdroppers.
Controls that are essential for remote access :
- Authentication - to know who is requesting access to the corporate LAN.
- Encryption - to maintain the confidentiality of information being exchanged during remote access
Encryption protocols used by VPN
- SSL (Secure Sockets Layer) or TLS (Trransport Layer Security)
- IPsec (IP Security) - for secure exchange of packets in transport and tunnel mode
- Layer 2 Tunneling Protocol (L2TP) or PPTP (Point-to-Point Tunelling Protocol)
What types of control the encryption protocol use in VPN provide
Compensating controls
Control to access cloud-based networks resources
A multi factor authentication
Identification, Authentication, and Authorization
To control access as who or wants access to the resource, and determine if the subject is permitted to access the resource and either grant or deny thr access.
Identification
Identification is the first step in the process of gaining entry to a system or application.
Identification is the act of asserting an identity without providing any proof of it. Identification is not usually used to protect high-value assets or functions.
Authentication
Authentication is the next step after identification. Some form of proof of the subject’s identity is required.
Example : Password, token, biometric, smart card.
Authorization
Authorization is the next step after authentication. At this stage, the system determines whether the subject should be permitted to access the requested resource.
