文章基本信息

标题：A Domains Approach to Remote Access Logical Vulnerabilities Classification
本地全文：下载
作者：Samuel Ndichu ; Sylvester McOyowo ; Henry Okoyo 等
期刊名称：International Journal of Computer Network and Information Security
印刷版ISSN：2074-9090
电子版ISSN：2231-4946
出版年度：2019
卷号：11
期号：11
页码：36-45
DOI：10.5815/ijcnis.2019.11.05
出版社：MECS Publisher
摘要：Remote access facilitates collaboration and the creation of a seamless work environment. This technology enables employees to access the latest versions of data and resources from different locations other than the organization’s premises. These additional locations include home or untrusted networks not governed by the organization's security policy and baseline. Balancing between security and accessibility is a significant challenge. Remote access can be a high-security risk if not correctly safeguarded and monitored. This paper presents some technologies and methods for remote access. It then highlights security concerns, attack vectors, and logical vulnerabilities in remote access. To address these security concerns and weaknesses, we present a domains approach to logical vulnerabilities in remote access and vulnerability scoring using the Common Vulnerability Scoring System (CVSS). Domains simplify device and user authentication and separate the organization network into logical and discrete entities. The separation enables a unique security application to each domain. Vulnerability scoring enhances remediation efforts through prioritization of the logical vulnerabilities. The approach comprehensively covers all points of compromise during remote access and contributes to effective logical vulnerability management. The results of the experiments provide evidence that all remote access domains have a high severity rating of at least a 7.28 CVSS score. Our study highlights the drawbacks of the current remote access methods and technologies such as the Virtual Private Network (VPN) and shows the importance of securing all domains during remote access.
关键词：Remote access;logical vulnerabilities;domains;attack vectors;vulnerability scoring