Instructions The purpose of this lab is to show how to audit the remote access domain. You will identify common risks, threats, and vulnerabilities found in the remote access domain; assess common...

1 answer below »

Instructions

The purpose of this lab is to show how to audit the remote access domain. You will identify common risks, threats, and vulnerabilities found in the remote access domain; assess common risks, threats, and vulnerabilities found in the remote access domain; identify network and security policies to properly secure the remote access domain portion of the network infrastructure; and audit and assess the implementation of security controls in the remote access domain.


Lab 7.1a

You will use Microsoft Word to develop your homework assignment by completing the sections listed below:


Review the following scenario:




You are a security consultant for an information systems security firm and have a new healthcare provider client under HIPAA compliance. Your new client wants to know the requirements and the business drivers for securing the remote access domain in a healthcare environment because it requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to perform a remote access domain compliance audit per DoD remote access hardening guidelines and baseline requirements. Both organizations want you to focus on the remote access domain only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a remote access domain hardening strategy.



With the information you read from Unit IV and Unit VI, identifythe risks, threats, and vulnerabilities commonly found in the remote access domain’s security solution.


Document these in your text document.


Launch your Web browser. Navigate to the following website:



https://vaulted.io/library/disa-stigs-srgs/application_security_and_development_security_technical_implementation_guide?version=v4r3&compareto=v4r2





Search for the ‘Desktop Application’ Security Technical Implementation Guide (Version 4, Release 5) document from the STIG database website and other NIST standards you discovered in previous labs.





Summarize these in your homework assignment.


Lab 7.1b

Navigate to the following website:



https://vaulted.io/library/disa-stigs-srgs/virtual_private_network_vpn_security_requirements_guide


This document reviews the potential vulnerabilities and configuration recommendations for secure remote access as per DoD guidelines.


Review the following concepts from this overarching DoD standards document for secure remote access and discuss these guidelines in your homework assignment:



  1. Security Considerations for Remote Access and Telework

  2. Assessment, Enforcement, and Remediation Services

  3. Endpoint Security

  4. Security Readiness Review Requirements


Lab 7.1c

Review some more remote access security checklists and guideline documents, by visiting the following links:



Remote Access Policy STIG



Remote Endpoint STIG


Review the security controls listed in each of the Secure Remote Access checklists to help mitigate the risks, threats, and vulnerabilities within the remote access domain.


Review how these DoD guideline documents can help organizations baseline their security and achieve the compliance requirements in both government and commercial organizations.


Discuss these guidelines in your homework assignment.


Lab 7.2

Write an executive summary that summarizes the top remote access domain risks, threats, and vulnerabilities and include a description of the risk mitigation tactics you would perform to audit the remote access domain for compliance. Use the U.S. DoD remote access hardening guidelines as your example for a baseline definition for compliance.



https://csrc.nist.gov/CSRC/media/Events/HIPAA-Security-Rule-Implementation-and-Assurance/documents/NIST_Remote_Access.pdf



https://www.netwrix.com/remote_access_security_best_practices.html


NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 7.1a, Lab 7.1b, Lab 7.1c, and Lab 7.2 within your submission by labeling those sections within your assignment.


Your homework assignment should be a minimum of two-pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.


Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.

Answered 3 days AfterApr 04, 2021

Answer To: Instructions The purpose of this lab is to show how to audit the remote access domain. You will...

Amit answered on Apr 08 2021
151 Votes
Title of the assignment:
Student’s name:
Student ID:
Professor’s name:
Course title:
Date: 4/8/2021
Table of Contents
1.    Lab 7.1 A    3
2.    Lab 7.1 B    3
3.    Lab 7.1
C    4
4.    Lab 7.2    5
5.    References:    6
1. Lab 7.1 A
The vulnerabilities, threats or related risks which are found for the security of remote access domain are described below:
· Brute-force attacks to steal personal information: The Brute-force attacks are very commonly done to remote domains for stealing the personal information like passwords.
· Multiple logon and unauthorized access: The attackers tries to make logon to the remote domain on bases of steal information. This also leads to unauthorized access to the remote domain.
· Compromised security for confidential data: The remote domains maintains LAN to WAN implementation and data encryption is not performed on each stage. This can lead to security compromise for the stored confidential data on remote domain.
· Data bridge because of implemented standards: The remote domains maintains classification standards for the implemented and stored data on remote domain. The attackers can create data bridge to steal the stored information on these remote domains because of implemented poor classification standards.
· The risks related to identification, authentication and authorization are also possible.
2. Lab 7.1 B
1. Security considerations for remote access and Telework: The implementation of L2TP is recommended for Tele work. The scope of the developed link among the user and remote access can be defined with it. for handling the IP packets, L2TP tunnel can also be implemented. The use of IPSec is also recommended as the important security...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here