Security Basics mailing list archives
Employee remote Access and Security
From: S0h0us () yahoo com
Date: Wed, 9 Jun 2010 13:47:10 -0600
So we have a policy in place to allow our employees to work from home. A corporate VPN is in place, multifactor authentication, endpoint security deployed, (you name it) remote access limited to employees with business need (IT staff, etc), we have developed policies for accessing resources over this vpn and guidelines for best security practices (acceptable use and sanction policies). We monitor VPN usage (login/logoffs, etc). Our company deals with sensitive customer information. With all that a level of risk still exists. Most people's concerns are that confidential information is being accessed from locations outside the physical control of the company (a nature of this technology) so this information could be exposed to unauthorized individuals. I'll get "how do we know that Joe isn't showing all this information to his friends when he's home"..yeah, I know... So I was wondering what other controls were being used by you to allow remote access while maintaining appropriate security controls...Suggestions have been made regarding creating a profile for VPN users that limits their access to confidential data but that would defeat the purpose of the work from home effort... Thanks for your feedback... ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Employee remote Access and Security S0h0us (Sep 10)
- Re: Employee remote Access and Security Todd Haverkos (Sep 14)