December 23, 2021 by Admin
An IS auditor is reviewing the remote access methods of a company used to access system remotely. Which of the following is LEAST preferred remote access method from a security and control point of view?
Dial-up connectivity not based on centralize control and least preferred from security and control standpoint.
Remote access user can connect remotely to their organization’s networks with the same level of functionality as if they would access from within their office.
In connecting to an organization’s network, a common method is to use dial-up lines. Access is granted through the organization’s network access server (NAS) working in concert with an organization network firewall and router. The NAS handle user authentication, access control and accounting while maintaining connectivity. The most common protocol for doing this is the Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Controller System (TACACS).
Remote access Controls include:
Policy and standard
Identification and authentication mechanism
Encryption tool and technique such as use of VPN
System and network management
CISA Review Manual 2014 Page number 334