Re: How secure is VPN access?

[Nathaniel Hall <halln () otc edu>]

Normally, VPNs are very secure, however, I do have to agree with the CIO 
on this one.  Unless the user can prove that they are taking all 
necessary security precautions, such as anti-virus and firewalls, and 
that they are remaining up to date, they should not have their own 
personal computers connected through a VPN.  Company owned laptops could 
still pose a problem, but are less risk.

The reason company owned laptops could still pose a problem is because 
of the large number of users who are using their own private networks 
and connecting the company laptop to their own network.  Why does this 
pose a problem?  If the home computer is infected with a virus that 
spreads via the network and the business laptop is not protected against 
the threat, the virus could spread to the laptop and then continue to 
the company network through the VPN.  Yes, it is probably an unusual 
circumstance, but it is possible.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln () otc edu
417-447-7535



Cesar Diaz wrote:

> List,
>
> After years of having VPN access for our remote users without a single
> know security incident, my boss and I have to justify to her boss why
> VPN is secure.
>
> The CIO wants us to only allow users to access the network from
> company laptops, not from their own home computers.  We currently will
> allow users to install the VPN client software on their home computers
> to connect remotely, or they can use Citrix through SSL access to get
> to network resources.  His concern is that if a users home PC is
> compromised, that compromise can spread to our network.
>
> Is this a legitimate concern?  Can anyone point me in the direction of
> some documentation backing either argument?
>
> Thanks in advance for any help.
>
> C
>