Remote Access Solutions enable support teams, mobile workforces and home workers to operate flexibly irrespective of geographic locations. Despite the emergence of cloud computing, remote access into corporate systems is common place and increasingly business critical, as the upward trend for remote access to information systems continues. Furthermore, the number and diversity of remote access solutions has increased substantially in the industry and deployments in many organisations.
Confidentiality is an obvious security concern, given the nature of remote access solutions as a gateway to your internal systems. As a business critical system, the risk impact from availability compromise is also important. A Cyberis remote access test will give you the assurance you need as part of your security due diligence or as part of your compliance programmes.
A Cyberis remote access test identifies technical risks to the 'front door' to your corporate IT infrastructure, and reports the technical risk appropriately given the high business impact normally associated with compromise to these solutions.
The test can be customised to include any number of remote access entry points used by staff or third parties that may be exposed publicly such as on the Internet or PSTN; for example legacy RAS systems, RDP-based systems, SSL/VPN solutions and other service-specific infrastructure, for example Microsoft OWA. Where a definitive inventory of ingress points into corporate infrastructure is unknown, Cyberis can conduct a discovery exercise to give you the assurance of a more complete assessment.
The remote access test can also include a review of associated policies, process, procedures and technical standards that may be mandated by your compliance requirements, such as PCI DSS.
- Technical assurance that remote access solutions have been deployed and configured in a secure manner and in accordance to policies and/or industry best practice.
- Address compliance requirements such as PCI DSS requirement 8.3, 8.5.6 and 12.3 in the cardholder data environment.
- Optionally, ingress point discovery and inventory development.