Instructions
The purpose of this lab is to show how to audit the remote access domain. You will identify common risks, threats, and vulnerabilities found in the remote access domain; assess common risks, threats, and vulnerabilities found in the remote access domain; identify network and security policies to properly secure the remote access domain portion of the network infrastructure; and audit and assess the implementation of security controls in the remote access domain.
Lab 7.1a
You will use Microsoft Word to develop your homework assignment by completing the sections listed below:
Review the following scenario:
You are a security consultant for an information systems security firm and have a new healthcare provider client under HIPAA compliance. Your new client wants to know the requirements and the business drivers for securing the remote access domain in a healthcare environment because it requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to perform a remote access domain compliance audit per DoD remote access hardening guidelines and baseline requirements. Both organizations want you to focus on the remote access domain only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a remote access domain hardening strategy.
With the information you read from Unit IV and Unit VI, identify the risks, threats, and vulnerabilities commonly found in the remote access domain's security solution.
Document these in your text document.
Launch your Web browser. Navigate to the following website:
https://public.cyber.mil/stigs/
Search for the Desktop Application Security Technical Implementation Guide (Version 4, Release 5) document from the STIG database website and other NIST standards you discovered in previous labs.
Summarize these in your homework assignment.
Lab 7.1b
Navigate to the following website:
https://vaulted.io/library/disa-stigs-srgs/virtual_private_network_vpn_security_requirements_guide
This document reviews the potential vulnerabilities and configuration recommendations for secure remote access as per DoD guidelines.
Review the following concepts from this overarching DoD standards document for secure remote access and discuss these guidelines in your homework assignment:
Security Considerations for Remote Access and Telework
Assessment, Enforcement, and Remediation Services
Endpoint Security
Security Readiness Review Requirements
Lab 7.1c
Review additional remote access security checklists and guideline documents by visiting the following links:
Remote Access Policy STIG
Remote Endpoint STIG
Review the security controls listed in each of the Secure Remote Access checklists to help mitigate the risks, threats, and vulnerabilities within the remote access domain.
Review how these DoD guideline documents can help organizations baseline their security and achieve the compliance requirements in both government and commercial organizations.
Discuss these guidelines in your homework assignment.
Lab 7.2
Write an executive summary that summarizes the top remote access domain risks, threats, and vulnerabilities and include a description of the risk mitigation tactics you would perform to audit the remote access domain for compliance. Use the U.S. DoD remote access hardening guidelines as your example for a baseline definition for compliance.
NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 7.1a, Lab 7.1b, Lab 7.1c, and Lab 7.2 within your submission by labeling those sections within your assignment.
Your homework assignment should be a minimum of two pages in APA format. Include a minimum of two sources, with at least one source from the Online Library in addition to your textbook.
Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.