I just wanted to put this out there. How secure is VPN.
Meaning, if my users take home the client and install it on their
desktop at home, and connect to the corporate network and production
network, wheat are we really looking at. Are they secure or not.
VPNs are only as secure as you make and maintain them. From your
questions it is evident that you do not have the basic understanding
of the technologies behind it. Try googling for "VPN", paying special
attention to RFCs. You have some homework to do, so go do them.
Two factor authentication would only help the authentication
purpose and to protect the user name and password ?
I am not certain what you mean by "only". The basic tenets of
security suggest that good security can be achieved when you
authenticate potential clients with "something they have, something
they are, and something they do". If you require more than just the
username and password in order to get in (like a smart card or
biometrics), you reduce the chance that an intruder could compromise
the authentication process. Exactly what are you trying to do?
How about restricting them to access, and how about worrying
<snip...>
The rest of your questions are valid concerns, and there are many
products out there that will control exactly what corporate resources
the user can access (and the time of day when the user can access
them), and verifying that the client machine the user is using meets
pre-determined security criteria (i.e. updated anti-virus definitions,
no spywares found, up-to-date operating system patches, etc.). As
part of your planning, you must also consider the risks of letting
users use their home machines versus requiring them to use *only*
authorized machines. Again, you need to do some homework and define
more precisely what you are attempting to consider. Once you have
done so, please post back on the list again with specific questions,
and we'd be glad to help.
SC
