Methods of remote access to the enterprise network are often overlooked as sources of security risks and threats. All too often legacy technology such as modems and outdated access privileges granted to vendors for remote support are forgotten, thereby becoming sources of security vulnerabilities.
A list of remote access vectors that ERE often finds on a client site are:
- Vendor and third party consultant access privileges for remote support.
- Terminal Access Servers.
- Virtual Private Networks (VPN).
- Remote dial-up.
- Modem Pools.
- Voice over IP (VOIP).
A client will often request an audit of their remote access technology that is currently in use. However, ERE has often uncovered forgotten and theoretically not used access technology and access privileges.
We recommend a network device discovery audit as fundamental to the remote access audit. The remote access technology audit consists of components of the following audits: