The following information was obtained from different cyber security sources and is provided as a notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided is classified as Restricted pursuant to PNP Regulation 200-012 on document security, with an impact rating of significant and a threat rating of high, based on PNP Information Communication p. 22 and p. 129.
Remote access is the ability to gain access to a computer from a remote location. This enables an individual to work offsite while still having access to a distant computer. Remote access can be set up through a Local Area Network (LAN), a Wide Area Network (WAN) or a Virtual Private Network (VPN). Nowadays, remote access is no longer confined to this premise, and traditional security controls do not provide sufficient policy enforcement, which results in either laxity in terms of security or inflexibility in delivering services.
Unsecured remote access is the mechanism used by attackers to infiltrate enterprises. It serves as the jumping-off point to get deeper into an organization. The biggest underlying problem with remote access technology is poor identity validation and weak authentication; therefore, the following must be taken into consideration:
• The type of device required to permit remote access as well as the ownership of such device, whether it is company issued or personal;
• The duties and responsibilities of the person granted permission for remote access and the limitation of the privileges/rights given to an account;
• The location of access and the means used to connect, whether it may be in public or via private connection;
• The processes and data accessible through the remote connection; and
• The authentication used when granting permission for a remote connection.
The community is advised to follow these best practices in securing and protecting a remote access connection for personal use or for work:
• Use a secure encrypted protocol as a means of communication.
• Use strong passwords.
• Do not set up automatic logon on mobile devices.
• Never store passwords on mobile devices/computers.
• Immediately remove the remote access privileges of resigned/retired employees.
• Regularly update firewall and VPN systems.
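The considerations and best practices above can be checked routinely against an inventory of remote-access accounts. The following is an added example and not part of the original advisory; the record fields, the list of cleartext protocols, the rule combining personal devices with privileged accounts, and the sample accounts are all assumptions made for illustration.

```python
"""Audit remote-access accounts against the advisory's checklist.
Field names, protocol list and sample records are illustrative assumptions."""
from dataclasses import dataclass

# Assumed set of protocols that carry credentials unencrypted.
CLEARTEXT_PROTOCOLS = {"telnet", "ftp", "rlogin", "http"}

@dataclass
class Account:
    user: str
    employed: bool         # False once the person has resigned or retired
    protocol: str          # means used to connect
    auto_logon: bool       # automatic logon configured on the device
    password_stored: bool  # password saved on the device
    device_owner: str      # "company" or "personal"
    privileged: bool       # account holds administrative rights

def audit(acct):
    """Return the findings for one account; an empty list means compliant."""
    findings = []
    if not acct.employed:
        findings.append("access not removed after separation")
    if acct.protocol.lower() in CLEARTEXT_PROTOCOLS:
        findings.append("unencrypted protocol")
    if acct.auto_logon:
        findings.append("automatic logon enabled")
    if acct.password_stored:
        findings.append("password stored on device")
    # Assumed policy: administrative rights only from company-issued devices.
    if acct.device_owner == "personal" and acct.privileged:
        findings.append("privileged access from personal device")
    return findings

def audit_all(accounts):
    """Map each non-compliant user to the list of findings."""
    return {a.user: f for a in accounts if (f := audit(a))}

# Constructed sample inventory (not real accounts).
SAMPLE = [
    Account("jdelacruz", True, "ssh", False, False, "company", False),
    Account("mreyes", False, "ssh", False, False, "company", False),
    Account("asantos", True, "telnet", True, True, "personal", True),
]

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE).items():
        print(f"{user}: {'; '.join(findings)}")
```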
For additional information, please refer to the following security websites:
POINT OF CONTACT