Welcome » IT Booklets » Information Security » Security Controls Implementation » Access Control » Remote Access
Financial institutions should secure remote access to and from their systems by
Many financial institutions provide employees, vendors, and others with access to the institution's network and computing resources through external connections. Those connections are typically established through modems, the Internet, or private communications lines. The access may be necessary to remotely support the institution's systems or to support institution operations at remote locations. In some cases, remote access is required periodically by vendors to make emergency program fixes or to support a system.
Remote access to a financial institution's systems provides an attacker with the opportunity to subvert the institution's systems from outside the physical security perimeter. Accordingly, management should establish policies restricting remote access and be aware of all remote-access devices attached to their systems. These devices should be strictly controlled. Good controls for remote access include the following actions: