For security professionals, enabling remote access into IT environments has always been viewed as a necessary evil.
The reasons for this are many: weak access controls, lack of endpoint control and visibility, and the risk of attacks and attackers taking advantage of remote access as well. Like it or not, though, almost every organization has business requirements for partners, vendors, employees, contractors, and more to remotely access applications and services, and this has definitely been fraught with real risks. When you provision remote access to privileged users, the risks could potentially be far worse. What have we learned over the years about safely enabling remote access, and how should organizations assess their remote access security posture?
In this webcast, we'll cover:
- Examples of remote access gone terribly wrong!
- How to evaluate your remote access strategy and infrastructure
- Specific security controls and practices that could improve remote access models in your environment
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.