Limit remote access to what is strictly necessary

Remote access can be weakening security. It needs to be restricted to approved users and to necessary resources.

'Least privilege' is a fundamental security principle that means giving users what they need, but no more than that. It is equally valid for remote access, which must be the exception and not the norm.