RE: How secure is VPN access?

["dave kleiman" <dave () isecureu com>]

Cesar,

Would allow a user to bring their home computer to the office, and just hand
them an IP and allow them full network access?

Do your users have access to network resources through the VPN?

They can spread viruses, Trojans etc. to the network from the VPN.

No, you definitely should not let home computers access the VPN, you should
have complete control of the systems that do access via VPN and keep them
up-to-date, etc.

Citrix is a different story, as long as you restrict drive and port
redirection, it can be a "better-controlled" situation.


______________________________________
Dave Kleiman, CISSP, CISM, CIFI, MCSE
www.SecurityBreachResponse.com



 

-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00 () gmail com] 
Sent: Wednesday, November 17, 2004 11:39
To: security-basics () securityfocus com
Subject: How secure is VPN access?

List,

After years of having VPN access for our remote users without a single know
security incident, my boss and I have to justify to her boss why VPN is
secure.

The CIO wants us to only allow users to access the network from company
laptops, not from their own home computers.  We currently will allow users
to install the VPN client software on their home computers to connect
remotely, or they can use Citrix through SSL access to get to network
resources.  His concern is that if a users home PC is compromised, that
compromise can spread to our network.

Is this a legitimate concern?  Can anyone point me in the direction of some
documentation backing either argument?

Thanks in advance for any help.

C