Basic rules for the use of remote maintenance accesses
Regardless of a company's size or industry, increasingly complex hardware and software make it more and more necessary to bring in external experts who access the corporate systems from the outside. As this poses a significant security risk, the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has published eight “basic rules for the protection of remote maintenance accesses” (https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_054.html, available in German only):
Basic rule 1: The initiative for support or remote maintenance access should come from the user.
Basic rule 2: The remote access should be encrypted.
Basic rule 3: The operator of the remote maintenance has to authenticate himself before gaining access to the system.
Basic rule 4: The object of remote maintenance should be isolated from the rest of the network, at least during the remote maintenance session, to prevent intentional or unintentional access by the operator to other computers or servers.
Basic rule 5: Modifications to the central security gateways for establishing remote access should be kept to a minimum.
Basic rule 6: The execution of the remote maintenance has to be recorded.
Basic rule 7: The operator of the remote maintenance should not receive more rights than absolutely necessary for the fulfillment of his tasks.
Basic rule 8: The crucial criterion for the choice of a remote maintenance provider should be its reliability. The customer should therefore arrange appropriate control mechanisms.
With VISULOX you can implement the basic rules of the BSI easily and securely. With the software suite VISULOX, which was developed in Germany, you can centrally control, monitor, document, check and prove all remote accesses of external users. Clear identification of the user is possible via two-factor authentication, and the module “Recording” records all screen actions (and keystrokes if needed). Furthermore, the data exchange can be monitored, limited or even prohibited with the module “File Transfer”. With the module “Dual Control”, the external provider can work only if an employee is present and regularly confirms his presence to the system.
All security measures comply with data privacy laws. Recordings are stored encrypted, and the external provider has to agree to the recording.
If you have any questions concerning VISULOX, please do not hesitate to contact us!