VPN is as secure as how well it is implemented and used. Also, the various
encryption algorithms used determine how secure it is. Like everything, it
is as strong as the weakest link and usually in this scenario that means the
home user or their PC.
You're right about the two factor authentication. What were you thinking of
using-smart cards or similar?
Giving home users the list of things they must have in place(AV for example)
is a good idea. Will you allow them to split tunnel from their home
connections or will they have to come through the VPN connection to be able
to browse so that they can still go through your firewall/proxy etc?
Second option is safer but prob slower. And how would you control them when
they're not on a VPN?
Depending on how far you want to go, you could specify that they only use
their laptop for the VPN and have no split and then they can use their home
pc for their own use.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Sohail Sarwar
Sent: Monday, June 18, 2007 11:08 PM
To: Scott Ramsdell; WALI; security-basics@securityfocus.com
Subject: VPN and Security
Hi there,
I just wanted to put this out there. How secure is VPN.
Meaning, if my users take home the client and install it on their
desktop at home, and connect to the corporate network and production
network, wheat are we really looking at. Are they secure or not.
Two factor authentication would only help the authentication
purpose and to protect the user name and password ?
How about restricting them to access, and how about worrying
about their home computer that can be effected.
Has anyone been through this. Any one give home users a list of
requirements that they must have before vpn can be offered to them ?
Should there be some type of desktop policy installed on their
home computer, just to protect the company network ? Any help and
guidance would be great
Regards,
Sohail
