Secure Remote Access
Description
Secure Remote Access is the capability that allows administrators to securely access the Scheol Lab infrastructure from external networks.
This capability is implemented through controlled entry points such as a bastion host and centralized identity management.
The objective is to ensure that all administrative access is authenticated, logged and restricted according to least-privilege principles.
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | BUS-ACC-01 |
| CI Type | Business |
| Asset Name | Secure Remote Access |
| Asset Category | Administrative Access Capability |
| Owner | Security Role (Sec) |
| Status | Planned |
| Location | Infrastructure perimeter |
| Primary Function | Controlled administrative access to infrastructure |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Access Platform | Teleport Bastion | Planned |
| Identity Platform | Identity Management Platform | Planned |
| Infrastructure | Proxmox Host | Active |
Relationships
| Relationship | Target CI |
|---|---|
| Uses | Teleport Bastion |
| Uses | Identity Management Platform |
| Supports capability | Governance & Documentation |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟥 High |
| Integrity | 🟥 High |
| Availability | 🟨 Medium |
Criticality score: 🟥 High
Responsibilities
| Role | Responsibility |
|---|---|
| Security Role (Sec) | Access policies and authentication controls |
| Operations Role (Ops) | Infrastructure hosting the access platforms |
Security Controls (High-Level)
- Strong authentication mechanisms
- Role-based access control
- Access logging and monitoring
- Secure remote access protocols
Security Considerations
Potential risks include:
- Unauthorized remote access
- Credential compromise
- Insufficient access monitoring
Controls focus on authentication security, logging and least-privilege access.
Methodological References:
- ISO 27001 - Control 5.1 Policies for information security; Control 8.2 Privileged access rights.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control.
- EBIOS RM - Access control related assets.