February 26, 2009
New Guidelines for Protecting Wireless, Remote Access Data
While wireless access has untethered many laptops from only having access in an office or home, public networks in local coffee shops will not keep your data safe. The National Institute of Standards and Technology (NIST) has updated its guide on maintaining data security while teleworking.
The revised guide offers advice for protecting the wide variety of private and mobile devices from threats that have appeared since the first edition appeared in August 2002. Together with the preponderance of dangerous malware on the Web, the vulnerability of wireless transmissions from mobile devices has created dramatic new security challenges.
NIST points out that when it comes to remote access security, everything has changed in the last few years. Many Web sites plant malware and spyware onto computers, and most networks used for remote access contain threats but aren’t secured against them. However, even if teleworkers are using unsecured networks, the guide shows the steps organizations can take to protect their data.
Among these steps is the recommendation that an organization’s remote access servers—the computers that allow outside hosts to gain access to internal data—be located and configured in ways that protect the organization. Another is to ensure that all mobile and home-based devices used for telework be configured with security measures so that exchanged data will maintain its confidentiality and integrity. Most importantly, an organization’s policy should be to expect trouble and plan for it.
The new guide provides recommendations for organizations. A companion publication offers advice for individual users on securing their own mobile devices.
Guide to Enterprise Telework and Remote Access Security (pdf)
User’s Guide to Securing External Devices for Telework and Remote Access (pdf)
Posted by rsk at February 26, 2009 08:19 AM