Re: Security and VPN

From: Kurt Buff (kurt.buff@gmail.com)
Date: Fri Jun 22 2007 - 11:49:24 EDT


On 6/19/07, Andrew Vliet <Andrew.Vliet@lvs1.com> wrote:
> Sohail Sarwar,
>
> 2 factor authentication is great, but personally I would go one further
> than Philip. I would not be putting VPN clients on employee owned
> systems. Yes, I say no clients - period. Too many variables - too
> insecure.
>
> I understand that it's expensive, but nonetheless, I would either put
> in a Citrix farm or purchase dedicated, company owned and maintained
> machines for your employees to use at home. Add the VPN client to these
> company owned machines.
>
> When considering the speed and volatility of trojans and viruses these
> days, adding VPN to an unknown, uncontrolled, insecure client - even
> after adding Antivirus checking, etc - is simply asking for trouble.
>
> Of course, we haven't even touched on the legal and privacy implications
> of the company having direct access to an employee's personal network,
> all computers therein and vice versa.
>
> VPN on employee machines == bad idea - don't do it. Provide Citrix or
> dedicated, managed machines.
>
> Regards,
> Andrew Vliet

I fully agree - no employee machines on the network. However, our
company will not entertain the idea of either a Citrix solution or
loaner machines for people to take home. We've come up with a solution
that mitigates this risk, at the cost of some end-user effort.

We have cobbled together a VMware player app, with Ubuntu running
IPSec for connectivity and rdesktop so that they can connect to their
own machines, or a TS server.

This works well, if they have any kind of decent machine at home.

Kurt

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:53 EDT