Security Basics mailing list archives

Re: Remote Access for Home Computers


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 25 Aug 2005 23:27:21 +0530

On 24/08/05 01:19 -0000, nick_hunt () mascohq com wrote:
> Hello all
>
> I have been getting asked a lot lately about the possibility of letting
> users access corporate resources with their home computers via SSL VPN
> that has NAC features on it.  I keep on fighting it, mostly because I
> think it will cause a lot of support calls, but more importantly because
> I am afraid of the possible vulnerabilities of allowing un-managed
> machines access to our network.  I was wondering if anyone knew of
> any statistics or good articles on letting users access corporate
> data with their home machines.

Would the recent examples of _corporate_ laptops roaming around the
world before returning to the corporate network and bringing it down not
be sufficient?

Home machines are generally less secure than corporate systems, and they
definitely follow different security policies.


> The security implications that I am most worried about are:
> 1) worm propagation:  afraid infected machine will allow a worm onto
> our network.  Even though the SSL VPN does a check to see if AV is
> running and defs are up to date, and also does not give an IP on
> our network, there is the possibility of users uploading infected
> files to websites or network shares.

And a new virus/worm coming out for which your A/V vendor does not have
a signature blows all the checks out of the water.

A VPN is simply an extension of your corporate network. If you allow
access to file shares, you are allowing unknown hosts into your trusted
network. I would not normally allow a VPN into my systems unless I trust
the administrators of those hosts.

Devdas Bhagat

