BS ISO/IEC 18028-4:2005

Foreword
Introduction
1 Scope
2 Terms, definitions and abbreviated terms
3 Aim
4 Overview
5 Security requirements
6 Types of remote access connection
7 Techniques of remote access connection
  7.1 General
  7.2 Access to communications servers
  7.3 Access to LAN resources
  7.4 Access for maintenance
8 Guidelines for selection and configuration
  8.1 General
  8.2 Protecting the RAS client
  8.3 Protecting the RAS server
  8.4 Protecting the connection
  8.5 Wireless security
  8.6 Organizational measures
  8.7 Legal considerations
9 Conclusion
Annex A (informative) Sample remote access security policy
  A.1 Purpose
  A.2 Scope
  A.3 Policy
  A.4 Enforcement
  A.5 Terms and definitions
Annex B (informative) RADIUS implementation and deployment
                      best practices
  B.1 General
  B.2 Implementation best practices
  B.3 Deployment best practices
Annex C (informative) The two modes of FTP
  C.1 PORT-mode FTP
  C.2 PASV-mode FTP
Annex D (informative) Checklists for secure mail service
  D.1 Mail server operating system checklist
  D.2 Mail server and content security checklist
  D.3 Network infrastructure checklist
  D.4 Mail client security checklist
  D.5 Secure administration of mail server checklist
Annex E (informative) Checklists for secure web services
  E.1 Web server operating system checklist
  E.2 Secure web server installation and configuration checklist
  E.3 Web content checklist
  E.4 Web authentication and encryption checklist
  E.5 Network infrastructure checklist
  E.6 Secure web server administration checklist
Annex F (informative) Wireless LAN security checklist
Bibliography

Provides guidance for securely using remote access - a method to remotely connect a computer either to another computer or to a network using public networks - and its implication for IT security. Introduces the different types of remote access including the protocols in use, discusses the authentication issues related to remote access and provides support when setting up remote access securely.

This part of ISO/IEC 18028 provides guidance for securely using remote access - a method to remotely connect a computer either to another computer or to a network using public networks and its implication for IT security. In this it introduces the different types of remote access including the protocols in use, discusses the authentication issues related to remote access and provides support when setting up remote access securely. It is intended to help network administrators and technicians who plan to make use of this kind of connection or who already have it in use and need advice on how to set it up securely and operate it securely.