Scribd Logo
Upload

Welcome to Scribd!

  • Lab 6 Lab

    Uploaded by

    khoa20033002
    14 views5 pages
    This document contains a student's responses to assessment questions for Lab 6 on defining a remote access policy. The student summarized that a remote access policy is needed to properly implement secure remote access through the public internet for a mock healthcare organization. The policy should address risks like unencrypted sensitive data and unauthorized access. It should support remote nurses visiting patients and clinics accessing medical records via a secure VPN. The policy should also specify security controls, monitoring, and logging for the remote VPN access.

    Original Description:

    Original Title

    498178830-lab-6-lab

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains a student's responses to assessment questions for Lab 6 on defining a remote access policy. The student summarized that a remote access policy is needed to properly implement secure remote access through the public internet for a mock healthcare organization. The policy should address risks like unencrypted sensitive data and unauthorized access. It should support remote nurses visiting patients and clinics accessing medical records via a secure VPN. The policy should also specify security controls, monitoring, and logging for the remote VPN access.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    14 views5 pages

    Lab 6 Lab

    Uploaded by

    khoa20033002
    This document contains a student's responses to assessment questions for Lab 6 on defining a remote access policy. The student summarized that a remote access policy is needed to properly implement secure remote access through the public internet for a mock healthcare organization. The policy should address risks like unencrypted sensitive data and unauthorized access. It should support remote nurses visiting patients and clinics accessing medical records via a secure VPN. The policy should also specify security controls, monitoring, and logging for the remote VPN access.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 5

    498178830-Lab-6 - lab

    English phonetics and phonology in use (Trường Đại học FPT)

    Scan to open on Studocu

    Studocu is not sponsored or endorsed by any college or university


    Downloaded by Nh? Khoa (khoa20033002@gmail.com)
    Lab #6 – Assessment Worksheet
    Elements of a Remote Access Domain Policy
    Course Name: IAP301
    Student Name: Vu Tuan Anh
    Instructor Name: Nguyen Tan Danh
    Lab Due Date: 1/2/2021
    Remote Access Domain Risks & Threats Remote Access Domain Risks & Threats
    Brute force user ID and password Have users use long IDs and passwords and use
    attacks numbers and characters

    Multiple login retries and access control Only allow a specific number of retries when
    attacks trying to login
    Unauthorized remote access to IT Lock the users down from the system and
    systems, secure all data they were after
    applications, and data
    Privacy data or confidential data is Have all data in encrypted so that it will be
    compromised remotely useless to anyone
    Data leakage in violation of existing Create a keyword filtering for content that
    Data Classification Standards maycontain classified data or use data
    finger
    printing
    Mobile worker laptop is stolen Full disk encryption, remote tracking
    Mobile worker token or other Data reset features, encryption on disk and
    lost or stolen authentication device tracking.
    Remote worker requires remote access No access required no matter what
    to
    medical patient online system through
    the public Internet
    Users and employees are unaware of Acceptable Use and Security Polices Remote
    the risks Access Policy for Remote Workers & Medical
    and threats caused by the public Clinics
    Internet

    Lab #6 – Assessment Worksheet


    Define a Remote Access Policy to Support Remote Healthcare Clinics

    1. What are the biggest risks when using the public Internet as a WAN or transport
    for remote access to
    your organization’s IT infrastructure?

    - Unsecured wifi network. Hackers can spoof passwords.

    Downloaded by Nh? Khoa (khoa20033002@gmail.com)


    2. Why does this mock healthcare organization need to define a Remote Access
    Policy to properly
    implement remote access through the public Internet?
    - Remote access policies will need to be implemented to ensure proper encryption
    of sensitive data sent across the internet.

    3. What is the relationship between an Acceptable Use Policy (AUP) and a Security
    Awareness &
    Training Policy?
    - This component specifies what users can and cannot do on company resources
    while the security awareness and training policy specifies security as a whole
    throughout the organization.

    4. One of the major prerequisites for this scenario was the requirement to support
    nurses and healthcare
    professionals that are mobile and who visit patients in their homes. Another
    requirement was for
    remote clinics to access a shared patient medical records system via a web browser.
    Which type of
    secure remote VPN solution is recommended for these two types of remote access?
    - For the mobile nurses who visit patients, they should have tablets with preloaded
    software they need to treat patients. As far as accessing patient's records via a web
    browser they can host records on a secure remote access domain.

    5. When trying to combat unauthorized access and login attempts to IT systems and
    applications, what
    is needed within the LAN-to-WAN Domain to monitor and alarm on unauthorized
    login attempts to
    the organization’s IT infrastructure?
    - Intrusion Detection System (IDS).

    6. Why is it important to mobile workers and users about the risks, threats, and
    vulnerabilities when
    conducting remote access through the public Internet?
    - The public Internet is beyond the governance of the organization and is not secure
    and because their devices can be lost, stolen or hacked in to retrieve personal data
    or information.

    7. Why should social engineering be included in security awareness training?


    - To raise awareness of threats from internal, and external sources looking to obtain.

    Downloaded by Nh? Khoa (khoa20033002@gmail.com)


    8. Which domain (not the Remote Access Domain) throughout the seven domains of
    a typical IT
    infrastructure supports remote access connectivity for users and mobile workers
    needing to connect to
    the organization’s IT infrastructure?
    - Lab 6 define a remote access policy to support 3.

    9. Where are the implementation instructions defined in a Remote Access Policy


    definition? Does this
    section describe how to support the two different remote access users and
    requirements as described
    in this scenario?
    - Remote access domain.

    10. A remote clinic has a requirement to upload ePHI data from the clinic to the
    organization’s IT
    infrastructure on a daily basis in a batch-processing format. How should this remote
    access
    requirement be handled within or outside of this Remote Access Policy definition?
    - Knowing who to give remote access to. Adding specific users to VPN users group
    within AD.

    11. Why is a remote access policy definition a best practice for handling remote
    employees and
    authorized users that require remote access from home or on business trips?
    - Without a remote access policy, the availability and integrity of your network can
    be compromised by unauthorized users.

    12. Why is it a best practice of a remote access policy definition to require


    employees and users to fill in
    a separate VPN remote access authorization form?
    - This helps with non-repudiation to ensure the user is who they claim to be and that
    they are authorized to access confidential organizational assets.

    13. Why is it important to align standards, procedures, and guidelines for a remote
    access policy
    definition?

    Downloaded by Nh? Khoa (khoa20033002@gmail.com)


    - The importance of aligning the standards, procedures and guidelines is so the
    organization can maintain confidentiality of important data which may be required
    by law.

    14. What security controls, monitoring, and logging should be enabled for remote
    VPN access and users?
    - Multi-factor authentication of users and computers and a Password Lockout Policy
    and the controls needed for a VPN.

    15. Should an organization mention that they will be monitoring and logging remote
    access use in their
    Remote Access Policy Definition?
    - That would depend on the company and the faith it puts in its users

    Downloaded by Nh? Khoa (khoa20033002@gmail.com)

    You might also like