Employee remote Access and Security

[S0h0us () yahoo com]

So we have a policy in place to allow our employees to work from home. A corporate VPN is in place, multifactor 
authentication, endpoint security deployed, (you name it) remote access limited to employees with business need (IT 
staff, etc), we have developed policies for accessing resources over this vpn and guidelines for best security 
practices (acceptable use and sanction policies). We monitor VPN usage (login/logoffs, etc). Our company deals with 
sensitive customer information. With all that a level of risk still exists. Most people's concerns are that 
confidential information is being accessed from locations outside the physical control of the company (a nature of this 
technology) so  this information could be exposed to unauthorized individuals. I'll get "how do we know that Joe isn't 
showing all this information to his friends when he's home"..yeah, I know...
So I was wondering what other controls were being used by you to allow remote access while maintaining appropriate 
security controls...Suggestions have been made regarding creating a profile for VPN users that limits their access to 
confidential data but that would defeat the purpose of the work from home effort...
Thanks for your feedback...


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------