1
IS4680 Security Auditing for Compliance
Unit 8 Compliance Within the Remote Access Domain
2
Class Agenda 8/8/16 Covers Chapter 13 Learning Objectives
Lesson presentation and discussions.
Discussion on assignments.
Discussion on lab activities. The lab will be performed in class.
Break times as per school regulation.
Discussion on the project.
3
Learning Objective Describe information security systems compliance requirements within the Remote Access Domain.
4
Key Concepts
Compliance-law requirements and business drivers for the Remote Access Domain
Devices and components found in the Remote Access Domain
Virtual private network (VPN) tunneling and performance
Validating Remote Access Domain configuration
5
Key Concepts (Continued)
Remote Access Domain policies, standards, procedures, and guidelines
Best practices for Remote Access Domain compliance requirements
6
EXPLORE: CONCEPTS
7
Compliance Law and Business Drivers
The Remote Access Domain contains the components that bring the distributed environment together and make resources available and useful to remote users. The organization provides the Remote Access Domain service, which enables remote users to operate more effectively and efficiently without being physically present at your main location.
8
Compliance Law and Business Drivers (Continued)
The Remote Access Domain capability is a benefit to users who are geographically separated from your physical resources either permanently or temporarily.
9
Compliance Law and Business Drivers (Continued)
The necessary steps must be taken to secure the data transmitted to and from the organization, and hence to demonstrate compliance, especially if your organization has a Health Insurance Portability and Accountability Act (HIPAA) or a Payment Card Industry (PCI) requirement.
10
Components in Remote Access Domain
Remote user
Remote users connect to an organization's resources over untrusted networks.
Remote users often use public computers or terminals.
Remote users can be sloppy, so a strong remote access acceptable use policy (AUP) should be in place that sets standards for how remote users handle data.
11
Devices in Remote Access Domain
Remote workstation or laptop
Smartphone
12
VPN Tunneling and Performance
Although most VPNs encrypt all the traffic transported through the VPN tunnel, encryption is an option and not a part of the VPN itself. The "private" part of VPN refers to private addressing and not to data privacy. You can monitor a lot with respect to remote access, but the best place to start is by identifying and validating who is using remote access.
13
VPN Tunneling and Performance (Continued)
There are at least three activities of interest you should be monitoring:
Creation of a VPN connection
Remote access connection
Remote computer logon
14
EXPLORE: PROCESSES
15
Validating Remote Access Domain Configuration
Step 1 Verify that all traffic flowing along your VPN is encrypted at both ends.
Step 2 Configure routers so that they do not accept data without Internet Protocol Security (IPsec) encryption.
Step 3 Validate that the packets flowing through your VPN are encrypted.
Step 4 Set a schedule to check these processes to ensure that no misconfigurations have been made.
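Steps 1 to 3 amount to one check that can be automated and then run on the schedule step 4 asks for. The example below is added here and is not part of the original slides: it audits constructed NetFlow-style flow summaries and reports any flow touching the VPN gateway's public address (assumed to be 192.0.2.1) that is not IPsec, that is, not ESP, AH, or IKE/NAT-T on UDP 500/4500.

```python
"""Audit flow records: everything to or from the VPN gateway must be IPsec."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int        # IP protocol number
    sport: int = 0    # ports are only meaningful for TCP(6)/UDP(17)
    dport: int = 0
    nbytes: int = 0

VPN_GATEWAY = "192.0.2.1"      # assumed public address of the VPN endpoint
ESP, AH, UDP, TCP = 50, 51, 17, 6
IKE_PORTS = {500, 4500}        # IKE, and IKE/NAT-T which carries UDP-encapsulated ESP

def is_ipsec(f):
    """True for ESP, AH, or UDP flows on the IKE/NAT-T ports."""
    if f.proto in (ESP, AH):
        return True
    return f.proto == UDP and (f.sport in IKE_PORTS or f.dport in IKE_PORTS)

def audit_flows(flows, gateway=VPN_GATEWAY):
    """Return (checked, violations): flows involving the gateway that are not IPsec.
    Flows that never touch the gateway are out of scope for this check."""
    checked, violations = 0, []
    for f in flows:
        if gateway not in (f.src, f.dst):
            continue
        checked += 1
        if not is_ipsec(f):
            violations.append(f)
    return checked, violations

# Constructed flow summaries, not captured from a real network.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", VPN_GATEWAY, UDP, 500, 500, 1200),     # IKE negotiation
    Flow("203.0.113.10", VPN_GATEWAY, ESP, nbytes=84000),       # encrypted tunnel
    Flow("198.51.100.7", VPN_GATEWAY, UDP, 4500, 4500, 51000),  # NAT-T encapsulated ESP
    Flow("198.51.100.7", VPN_GATEWAY, TCP, 51022, 445, 9000),   # cleartext SMB: violation
    Flow("203.0.113.10", VPN_GATEWAY, UDP, 1812, 1812, 300),    # cleartext UDP: violation
    Flow("10.0.0.5", "10.0.0.9", TCP, 40000, 80, 500),          # internal only, out of scope
]

if __name__ == "__main__":
    checked, bad = audit_flows(SAMPLE_FLOWS)
    print(f"{checked} gateway flows checked, {len(bad)} not IPsec")
    for f in bad:
        print("  VIOLATION:", f)
```

A non-empty violation list on a scheduled run means the router policy from step 2 is not being enforced as configured.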
16
Monitoring VPN Tunneling
Step 1 Use a higher level of the Open Systems Interconnection (OSI) model and encapsulate data by using the IPsec protocol.
Step 2 Monitor the data for modification while in transit.
Step 3 Check for secure data transmission when data enters the organizational network.
Step 4 Use a proxy filter to monitor and control data based on the settings of the proxy filter.
Step 5 Log the data when it is decrypted from IPsec, which helps to monitor the data.
17
EXPLORE: ROLES
18
Roles and Responsibilities
Senior Managers: Responsible for support and funding approval.
Information technology (IT) Managers: Overall IT function leadership and support.
19
Roles and Responsibilities (Continued)
IT Auditors: Remote Access Domain control auditors.
Data Owners: Grant access to data remotely.
20
Roles and Responsibilities (Continued)
System Administrators: Monitor servers for anomalies.
Network Administrators: Monitor network VPN and remote access devices for anomalies.
21
EXPLORE: CONTEXTS
22
Creation of Information Systems Security (ISS) Compliance
Validating compliance in the Remote Access Domain includes validating the controls that satisfy compliance requirements. Most compliance concerns focus on data privacy, but it is important to evaluate all controls and ensure that all three properties of the availability, integrity, and confidentiality (A-I-C) triad are satisfied.
23
Creation of ISS Compliance (Continued)
The Remote Access Domain has the following three main areas of concern:
Client-side configuration
Server-side configuration
Configuration-management verification
Each area focuses on a slightly different component of the Remote Access Domain.
24
Best Practices for Remote Access Domain
The following best practices can be used to develop a plan for Remote Access Domain compliance:
Map your proposed remote access architecture, including redundant and backup connections.
Install at least one firewall between your VPN endpoint and your internal network.
25
Best Practices for Remote Access Domain (Continued)
Select a VPN provider that your clients can easily access.
Use global user accounts whenever possible.
Create a limited number of administrative accounts with permissions for remote administration.
26
Best Practices for Remote Access Domain (Continued)
Monitor VPN traffic for performance and suspicious content.
Require encryption for all communication in the Remote Access Domain.
27
EXPLORE: RATIONALE
28
Validating Remote Access Domain Configuration
The same process used in a large organization must be used in a small organization. However, the small organization has a lower cost of ownership and fewer devices to monitor. The size of the organization has nothing to do with the validation process.
29
Adhering to Policies, Standards, Procedures, and Guidelines
Each organization has different needs, and organizations use different controls to ensure functionality and security in the Remote Access Domain.
30
Summary
In this presentation, the following were covered:
Devices and components in the Remote Access Domain and VPN tunneling
Process to validate Remote Access Domain configuration and monitor VPN tunneling
Roles and responsibilities associated with Remote Access Domain compliance
Creation of information systems security compliance and best practices for Remote Access Domain compliance requirements
Need for validating Remote Access Domain configuration and adhering to policies, standards, procedures, and guidelines
31
Assignment and Lab
Discussion 8.1 Virtual Private Network (VPN) Tunneling and Performance
Lab 8.2 Auditing the Remote Access Domain for Compliance
Assignment 8.3 Best Practices for Remote Access Domain Compliance