VPN Security

[Kevin Reedy <KReedy () EXCELSIOR EDU>]

Hi All,

We are looking into rolling out VPN access in addition to our more standard
Citrix application publication for certain users that have more specialized
needs that can't be easily met by application publishing.

We have many options on how to secure client VPNs, and will be using two
factor authentication.  I'd like to do more, if you are actively using
software VPN for employees with any of the following I'd love hear how it
is working for you:

   Only authorized endpoints.  Users would have to make the request and get
   the device registered with IT in order to use it to access VPN.
   Only institutional devices, similar to above, but only college devices
   would be allowed to connect.  We are not BYOD and don't have the
   infrastructure in place to verify AV etc on other devices.
   Using firewall rules to limits services - this may be the most work of
   them all, but it allows us to create pretty granular control over who
   can access what.


If you are using none of the above what sort of issues have you
encountered?  Infected devices on the VPN, etc?

Thanks in advance!

-Kevin

Kevin Reedy
Executive Director, Information Security
Excelsior College
(518) 464-8720


This message and any attachments contain confidential  Excelsior College information intended for the specific 
individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. 
Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.