Our company's IT management team is trying to develop a policy on remote management tools for network security staff. Which roles should have remote access to which tools? Given the nature of the cloud and telecommuting today, should everyone have access to every tool, locally and remotely? What's your advice for trying to figure this out? Are there any industry best practices?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
Developing a remote management strategy that dictates what tools the network security staff can use in order to access their equipment is important. Giving staff the flexibility to manage equipment remotely is common, but doing so shouldn't create holes in the company's security posture. Here are a few key factors to consider to help determine how to implement a remote management program:
- Determine how they'll get access. Not everyone should have access remotely. First, clearly defined and documented policy and procedures must be in place to approve authorization for someone to manage the network remotely. This isn't something you want to take lightly: Each individual's job role and responsibilities should be taken into account, as well as his or her personal history with the company. Such checks and balances must in place to ensure that those who gain remote access to key network and systems infrastructure don't abuse that access.
- Determine what they'll have access to. Determine what privileges a particular admin is capable of accessing after they've remotely entered into the network. There are valid reasons that you would want to segment what an administrator is capable of accessing remotely. For example, you might want to ensure that the administrators of systems that generate logs do not have access to a centralized log management console that would allow them to tamper with those logs. Decisions for provisioning remote access should be made using the same least-privilege approach as local access.
- Determine when they'll need access. Are they going to need access to your company's network all the time? Are they administrators or consultants? Do you want these users in the network at any given time, and from any location? Make sure you have the proper restrictions in place when and where needed.
Once these questions are answered, pick a method and tool for them to access the network. When searching for a remote access tool to use, first determine if the tool or application has the ability to encrypt remote traffic, use multiform authentication and has the ability to log and audit data. There are many tools and ways to get into the network, but security is the main concern. If a tool can't encrypt, log or have multiform authentication, it shouldn't be used. Use these three features as a baseline when searching for remote management tools.
That said, there are many tools available that allow remote access to your company's network that follow these three standards. In some cases, you'll have to add an additional layer of security or functionality on top of your remote access tool of choice, especially if you require special capabilities, but these controls will ultimately help ensure security.
This was first published in March 2013