Security Basics mailing list archives
Remote Access for Home Computers
From: nick_hunt () mascohq com
Date: 24 Aug 2005 01:19:02 -0000
Hello all I have been getting asked a lot lately about the possibility of letting users access corporate resources with their home computers via SSL VPN that has NAC features on it. I keep on fighting it, mostly because I think it will cause a lot of support calls, but more importantly because I am afraid of the possible vulnerabilities of allowing un-managed machines access to our network. I was wondering if anyone knew of any statistics or good articles on the letting users access corporate data with their home machines. The security implications that I am most worried about is: 1) worm propagation: afraid infected machine will allow a worm onto our network. Even though the SSL vpn does a check to see if AV is running and def's are up to date, and also does not give an IP on our network, there is the possibility of users uploading infected files to websites or network shares. 2) user copying confidential information to their home machines and then that information getting comprimised. SSL vpn has the funtionality to block copying of files down to the local machine but misconfigurations or vulnerabilities in the VPN could allow for these controls to be subverted. 3) Machine that is infected with some type of bot getting on the VPN and launching a denial of service attack against internal servers. If anyone can give me more possible attacks, and more importantly any statistics on other companies that have done this and had problems would help me with taking this argument to my management. Thanks for the help Nick
Current thread:
- Remote Access for Home Computers nick_hunt (Aug 24)
- RE: Remote Access for Home Computers alz3k3 (Aug 26)
- Re: Remote Access for Home Computers Sap . (Aug 26)
- Re: Remote Access for Home Computers Devdas Bhagat (Aug 26)
- RE: Remote Access for Home Computers Dan Tesch (Aug 29)
- Re: Remote Access for Home Computers Ramki B (Aug 26)
- <Possible follow-ups>
- RE: Remote Access for Home Computers Beauford, Jason (Aug 26)
- Re: Remote Access for Home Computers c . b1 (Aug 30)