Remote Access Configuration and Change Management
It’s important to manage the network configuration settings in the LAN, LAN-to-WAN, and WAN Domains. Likewise, managing the changes to your VPN and remote access configuration is crucial to maintaining a secure environment for remote users and resources. When auditing a remote access environment consideration should be given to the following:
-
Map remote access architecture, including redundant and backup connections.
-
Assess firewalls between your VPN endpoint and the internal network.
-
Assess global user accounts.
-
Assess the strength of authentication used.
-
Assess the limited number of administrative accounts with permissions for remote administration.
-
Assess the backup and recovery plan for each component in the Remote Access Domain. Include configuration settings for network devices in the backup and recovery plans.
-
Assess whether procedures for all operating systems, applications, and network device software and firmware in the Remote Access Domain are up to date.
-
Assess the monitoring of VPN traffic for performance and suspicious content.
-
Assess control and configuration setting changes or physical changes to domain nodes. This includes if updates were applied to the network map after any changes.
-
Assess encryption for all communication in the Remote Access Domain.
Review the suggested best practices and implement the controls that work best for your environment. Each organization has different needs and will end up with different controls to best ensure functionality and security in the Remote Access Domain.