USER’S GUIDE TO SECURING EXTERNAL DEVICES FOR TELEWORK AND REMOTE ACCESS
Table of Contents
Executive Summary..............................................................................................................ES-1
1. Introduction ......................................................................................................................1-1
1.1 Authority...................................................................................................................1-1
1.2 Purpose and Scope .................................................................................................1-1
1.3 Audience..................................................................................................................1-1
1.4 Document Structure.................................................................................................1-1
2. Overview of Telework Technologies..............................................................................2-1
2.1 Remote Access Methods.........................................................................................2-1
2.2 Telework Devices.....................................................................................................2-2
2.3 Telework Device Security Overview ........................................................................2-3
3. Securing Information.......................................................................................................3-1
4. Securing Home Networks and Using External Networks.............................................4-1
4.1 Wired Home Networks .............................................................................................4-1
4.2 Wireless Home Networks.........................................................................................4-2
4.3 External Networks....................................................................................................4-4
5. Securing Telework PCs ...................................................................................................5-1
5.1 Software Updates ....................................................................................................5-1
5.2 User Accounts and Sessions...................................................................................5-2
5.2.1 Use Accounts with Limited Privileges...........................................................5-2
5.2.2 Protect Accounts with Passwords ................................................................5-2
5.2.3 Protect User Sessions from Unauthorized Physical Access ........................5-3
5.3 Networking Configuration.........................................................................................5-3
5.3.1 Disable Unneeded Networking Features......................................................5-3
5.3.2 Limit the Use of Remote Access Utilities......................................................5-4
5.3.3 Configure Wireless Networking ....................................................................5-4
5.4 Attack Prevention.....................................................................................................5-4
5.4.1 Install and Configure Antivirus and Antispyware Software...........................5-5
5.4.2 Use Personal Firewalls.................................................................................5-6
5.4.3 Enable and Configure Content Filtering Software ........................................5-7
5.5 Primary Application Configuration............................................................................5-8
5.5.1 Web Browsers ..............................................................................................5-8
5.5.2 Email Clients...............................................................................................5-10
5.5.3 Instant Messaging Clients ..........................................................................5-11
5.5.4 Office Productivity Suites............................................................................5-11
5.6 Remote Access Software Configuration ................................................................5-11
5.7 Security Maintenance and Monitoring....................................................................5-12
6. Securing Telework Consumer Devices..........................................................................6-1
7. Considering the Security of Third-Party Devices .........................................................7-1
iv
