Re: Security and VPN

["Kurt Buff" <kurt.buff () gmail com>]

On 6/19/07, Andrew Vliet <Andrew.Vliet () lvs1 com> wrote:
> Sohail Sarwar,
>
> 2 factor authentication is great, but personally I would go one further
> than Philip.  I would not be putting VPN clients on employee owned
> systems.  Yes, I say no clients - period.  Too many variables - too
> insecure.
>
> I understand that it's expensive, but none the less, I would either put
> in a Citrix farm or purchase dedicated, company owned and maintained
> machines for your employees to use at home.  Add the VPN client to these
> machines company owned machines.
>
> When considering the speed and volatility of trojans and viruses these
> days;  Adding VPN to an unknown, uncontrolled, insecure client - even
> after adding Antivirus checking, etc - is simply asking for trouble.
>
> Of course, we haven't even touched on the legal and privacy implications
> of the company having direct access to an employee's personal network,
> all computers there-in and visa versa.
>
> VPN on employee machines == bad idea - don't do it.  Provide Citrix or
> dedicated, managed machines.
>
> Regards,
> Andrew Vliet

I fully agree - no employee machines on the network. However, our
company will not entertain the idea of either a Citrix solution or
loaner machines for people to take home. We've come up with a solution
that mitigates this risk, at the cost of some end-user effort.

We have cobbled together a VMWare player app, with Ubuntu running
IPSec for connectivity and rdesktop so that they can connect to their
own machines, or a TS server.

This works well, if they have any kind of decent machine at home.

Kurt

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------