Re: Home users with VPN connections

[lassal <lassal () attbi com>]

Our policy is simple.

Only company configured computers are allowed to VPN to the corporate 
network.  It is the only way to be sure what is on the computer that 
accesses the network via VPN.  This is a written policy and we work hard to 
enforce it on the technical side.

Hope that helps.


At 05:15 PM 3/13/2003 +0000, Jonathan Grotegut wrote:


> Forgive me if this seems trivial or "newbieish" but I am new to
>
> the "Security" end of computing.
>
>
>
> With the new CERT Advisory CA-2003-08.  I got me to thinking "What are
>
> others policies, procedures, and requirements for home users connecting
>
> via VPN to a corporate network?"
>
>
>
> When a person connects a VPN connection from their home to the office,
>
> they can very easily have a Trojan or a virus.  This would allow for easy
>
> infection or access to the corporate network.
>
>
>
> What are what are your thoughts on policies, procedures, requirements for
>
> VPN users connecting to the corporate network as far as Password
>
> requirements, Personal Firewalls, Virus Software, Etc.?
>
>
>
> Thanks in advance for your sugestions.  By the way our clients vary.  Our
>
> clients are all in different professions, meaning we have everything from
>
> health care providers to mortgage companies to printing companies.
>
>
>
> Jonathan Grotegut
>
> DirectPointe