3.1.12 Monitor and control remote access sessions.

Remote access is access to organizational systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate control (e.g., employing encryption techniques for confidentiality protection), may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. VPNs with encrypted tunnels can affect the capability to adequately monitor network communications traffic for malicious code.

Automated monitoring and control of remote access sessions allows organizations to detect cyber-attacks and help to ensure ongoing compliance with remote access policies by auditing connection activities of remote users on a variety of system components (e.g., servers, workstations, notebook computers, smart phones, and tablets). [SP 800-46], [SP 800-77], and [SP 800-113] provide guidance on secure remote access and virtual private networks.

Actionable Items: There are many methods of connecting remotely and each one has different methods of control, monitoring, and securing. Each method should at the very least be encrypted and monitored.

Monitoring: For some methods of remote connection the same monitoring software that can monitor the network can also monitor this. However, there are some connections methods that circumvent this type of monitoring and therefore should have some other sort of monitoring or control to ensure security. These second type of services usually include remote desktop software which is widely used by service companies. There are not many remote desktop software that have secure encryption.