Re: Remote desktop access policy

[jenna <jennasec-focus () yahoo co uk>]

Hi
My main concern would be why they requre access to their desktop.   Anything to do with the business should be on a 
file server to ensure it gets backed up.  Users would then only need access to the server thus negating the need to 
leave their desktops left on.

If you allow  any access to your network, ensure you have a tool in place to check that their home machine has an 
updated AV as well as MS updates.  Users will also be able to copy files to their home machine so ensure this is 
covered by the policy and ensure everybody is aware - you could ask people to sign a form acknowledging this.

Jenna



----- Original Message ----
From: WALI <hkhasgiwale () gmail com>
To: security-basics () securityfocus com
Sent: Friday, 18 January, 2008 1:33:18 PM
Subject: Remote desktop access policy

Hi guys...do you have any remote desktop policy clauses that you can share?
I am having difficulties in trying to tell people the hazards of haphazardly 
asking IT guys the perils of asking access to their desktops when the come 
in via VPN.

Everyone wants to have a VPN client and then to a remote desktop session to 
their desktop.

How can I tell them the threats of doing so? Are there any threats? Should I 
restrict such usage? For one, it makes a lot of economic sense to switch off 
PC once a user leaves his/her desk for the day.


      ___________________________________________________________
Support the World Aids Awareness campaign this month with Yahoo! For Good http://uk.promotions.yahoo.com/forgood/