NIST 800-171 3.1.12

Monitor and control remote access sessions.

This control is about how endpoints connect to your network and how you deal with them. The first way is to have a VPN (Virtual Private Network) that encrypts access to your network. Since previous controls limited access to authorized individuals, those people should be connecting through the VPN and using those credentials to access what they need. This control also covers wireless and how you allow connectivity through that medium. You want to not only encrypt the connections but also be able to see who is connected, and with that capability, be able to disconnect anyone you want quickly.

You want to have the power to disconnect anyone based on who is trying to access your network. When you turn on logging, you will see that your VPN tunnel and wireless network make up your attack surface. You want to monitor that attack surface and see who is trying to connect, and when someone does compromise your security, you want to be able to disconnect them. When you buy your firewall or VPN appliance, make sure it has these capabilities, or purchase one that does and replace your equipment. The same goes for your wireless technology: make sure you can kick users off, isolate and deny IP addresses, and make these changes immediately. All your products need to produce logs, which we will monitor in a later control.
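As an added illustration (not part of the original post and not tied to any vendor's product), the following sketch reviews VPN session logs to show who is connected and which sessions or source IPs should be cut off. The log format, the `AUTHORIZED_USERS` allow-list, and the `FAIL_THRESHOLD` value are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical key=value format (not a real appliance's).
SAMPLE_LOG = """\
2024-05-01T08:00:12Z vpn event=login_ok user=alice src=203.0.113.10 session=s1
2024-05-01T08:03:40Z vpn event=login_fail user=admin src=198.51.100.7
2024-05-01T08:03:44Z vpn event=login_fail user=admin src=198.51.100.7
2024-05-01T08:03:49Z vpn event=login_fail user=root src=198.51.100.7
2024-05-01T08:05:02Z vpn event=login_ok user=bob src=203.0.113.22 session=s2
2024-05-01T08:09:30Z vpn event=login_ok user=contractor9 src=192.0.2.55 session=s3
2024-05-01T08:15:00Z vpn event=logout user=bob src=203.0.113.22 session=s2
2024-05-01T08:20:11Z vpn event=login_ok user=alice src=198.51.100.7 session=s4
"""

AUTHORIZED_USERS = {"alice", "bob"}  # assumed allow-list from the earlier access controls
FAIL_THRESHOLD = 3                   # assumed: failed logins from one IP before denying it

FIELD = re.compile(r"(\w+)=(\S+)")

def review(log_text, authorized=AUTHORIZED_USERS, threshold=FAIL_THRESHOLD):
    """Return (active sessions, sessions to disconnect with reasons, IPs to deny)."""
    active, fails = {}, Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        event = f.get("event")
        if event == "login_fail":
            fails[f["src"]] += 1                      # who is trying to connect
        elif event == "login_ok":
            active[f["session"]] = (f["user"], f["src"])
        elif event == "logout":
            active.pop(f.get("session"), None)        # session is no longer live
    deny_ips = sorted(ip for ip, n in fails.items() if n >= threshold)
    disconnect = {}
    for sid, (user, src) in active.items():
        if user not in authorized:
            disconnect[sid] = "user not authorized for remote access"
        elif src in deny_ips:
            disconnect[sid] = "login from IP with repeated failures"
    return active, disconnect, deny_ips

if __name__ == "__main__":
    active, disconnect, deny_ips = review(SAMPLE_LOG)
    for sid, (user, src) in active.items():
        print(f"{sid} {user:12} {src:15} {disconnect.get(sid, 'ok')}")
    print("deny:", deny_ips)
```

The output is a list for an administrator to act on; the actual disconnect and IP deny actions happen on the firewall, VPN appliance, or wireless controller.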
