Security Assessment > Modem Policy    

why you need a policy on modem access

Although a firewall provides a large measure of protection to your network and your business systems, it is cheap and easy for someone to configure a modem onto one of the computers on your network or to a part of your critical infrastructure. At a stroke a modem connection can bypass the access controls your firewall provides, exposing vulnerabilities that the firewall was designed to close.

Part of the purpose of a policy on modem access is to allow you to highlight the risks associated with it, which are clearly significant. Ideally, a modem policy should dictate that ad-hoc connections are explicitly forbidden. The policy must be communicated effectively to staff so that they understand the potential damage that can result from such an apparently trivial act. There must be a commensurate deterrent. There must be an effective means of policing and enforcement.

Prevention is better than cure.

The purpose of a well-stated and communicated modem access policy is to reduce the risk of a security breach by educating staff as to the threat. Removing the defence of ignorance might make retribution after the fact easier, but the primary aim of education is to prevent the breach occurring in the first instance.

Any modem access presents an additional risk to the security of your organisation if it is not secured or monitored effectively. By making any requirement visible, the risk can be quantified, steps taken to mitigate the risk, and balanced against the business benefit of providing remote access.

continue...

Copyright © 2017 Xiscan® Limited. All Rights Reserved.