How to meet the requirements of GOST R 57580 to ensure secure remote access from mobile devices without prohibiting their use
Many articles have been written about the mandatory requirements of GOST R 57580 for financial organizations, the procedure for implementing them and the methods of conformity assessment; many recommendations have been given and many comments made. According to the requirements of the Central Bank, by 01.01.2021 it is necessary not only to ensure compliance with the requirements of the standard, but also to provide the regulator with a report on this compliance. There are many qualified audit companies on the Russian market that provide services to financial institutions, but proof of compliance sometimes turns into a polemic in the style of "I have not read it, but I condemn it!".
We would like to share our practical experience in implementing one of the eight processes, referred to in GOST as "Process 8. Information protection during remote logical access using mobile (portable) devices."
The basic composition of measures to protect information from disclosure and modification when implementing remote access
ЗУД.1. Determination of remote access rules and a list of access resources to which remote access is provided
The rules are simple: remote access should be provided upon request if there is a business need, and no employee should be given remote access to all resources, only to the limited set of resources required for their work. Implementation of this organizational measure is confirmed by the regulatory documents that define the procedure for providing remote access: a remote access policy that refers to the general information security policy, templates for access requests, etc.
ЗУД.2. Authentication of mobile (portable) remote access devices
. , . , ..
.3. () , ( Mobile Device Management, MDM)
.10, (root, jailbreak), . . EMM- ( . Enterprise Mobility Management β ), MDM (Mobile Device Management β ). 57580 , MDM.
, , , MDM-. , , , MDM . , , VPN- MDM MS ActiveSync, .6.
, , MDM . , IT .
.4. ,
.2. , , . , , () . HTTPS, .
.5 , , , .2 .4
, . . , , β , , .
: , β , , ().
, . , .. , . , β .
.6 () () .
VPN, Wi-Fi- . . .
β MDM VPN. MDM , , . VPN , , , VPN- VPN .
.7 , , .2 .4
- , β URL-, . VPN- , . VPN , VPN-. Android MDM-. iOS VPN-. VPN-, MDM, , VPN.
. .
.8 , ()
.7 , . .7, .
.9 ()
.1. . . «» β , . , , .
()
.10 (MDM-)
. , . 12 MDM.
,
. Android 7 . Android 6 MDM, . iOS , , MDM .
MDM-. , . , , . .
Apple Google Find My Device, , . Apple, iPhone iPad .
, Find My Device . , . , , , , . .
:
Find My Device;
Find My Device ;
Find My Device MDM-.
MDM , , , , . : , 27- , , .
: , (1111, 2222) / (1234, 9876), , 4–6 .
, , Windows macOS. , , , MDM, . 8–10 .
,
, . . , MDM . .
, . Android 10 Android- Samsung Samsung E-FOTA One. .
β . , , . , Android 8.1 Android 8.2, , c iOS 13 iOS 14, , . Android- Samsung, .
, .
, , , Wi-Fi, , Bluetooth, , Wi-Fi, Bluetooth USB .. Bluetooth.
. . : Android- Β« Β», , (SD-), . iOS , .
, - . MDM .
, / . , , , , .
MDM- , , . , , , , .. MDM , .
, , MDM-. , .11.
() USB-,
USB . , , .
MDM Google Play App Store. , , . , , .
iOS , macOS XCode USB. iOS- supervised MDM , , supervised-. iOS- USB.
,
MDM- . Wi-Fi- . , VPN-, VPN- . , . , -, (API), MDM- . VPN- , VPN. MDM- .
MDM- , , . . :
. , , , ;
, ;
, ;
. .
SIM-
SIM- . . , , , β SIM-, . SIM- MDM.
, (, iCloud)
. .
iCloud, DropBox, Β« Β», Google Drive . iCloud iOS Google Android. .
. , . , . .
SIM-
. SIM- β MDM SIM-. , , SIM- . SIM- , MDM . VPN- SIM-.
.11 ()
, . , . , Google Play App Store, , .
.
MDM, .
. , MDM Google Play App Store.
MDM. . , Google Play.
iOS . iOS , iOS . iOS .11.
.12 () , , () , , ()
, , . , , , , . . , .
, , 57580, , -.