8.4. REMOTE ACCESS CONTROLS

In the early days of computing, system security administrators were typically the only users who required the ability to sign on to a system remotely. Computer processing was centralized, and users typically signed on using dumb terminals. Today, more and more users require the ability to sign on remotely using laptops, personal digital assistants (PDAs), and some kinds of cell phones. They typically require access to the organization's network and, from there, access to various applications. Remote access facilitates numerous efficiencies and enables more timely communications and completion of work, but it also significantly increases the exposure of an organization's network of computing systems to unauthorized access, viruses, and other operational challenges. To help mitigate these risks, a number of remote access control technologies have been developed. The most common remote access controls include dedicated leased lines, automatic dialback, secure sockets layer (SSL) sessions, multifactor authentication, and virtual private networks (VPNs). In some situations, a combination of one or more of these controls is deployed. Each of these controls is discussed briefly here. Most rely on some sort of encryption technology. Please refer to Chapter 11 for a detailed discussion of encryption and cryptography.

Dedicated leased lines are telephone connections that are private in the sense that the leasing telecommunications company does not allow external ...
