Security Basics mailing list archives
RE: Remote Access for Home Computers
From: "Dan Tesch" <dan.tesch () comcast net>
Date: Sat, 27 Aug 2005 08:39:47 -0500
I allow VPN access to my networks but only allow port 3389 for users to access their own desktops - policies that apply while they are at their desks still apply and I have not heard of any viri working over 3389 *yet* but I guess that is what defense in depth is for?
On 24/08/05 01:19 -0000, nick_hunt () mascohq com wrote:
Hello all,
I have been getting asked a lot lately about the possibility of letting users access corporate resources with their home computers via SSL VPN that has NAC features on it. I keep on fighting it, mostly because I think it will cause a lot of support calls, but more importantly because I am afraid of the possible vulnerabilities of allowing un-managed machines access to our network. I was wondering if anyone knew of any statistics or good articles on letting users access corporate data with their home machines.
Would the recent examples of _corporate_ laptops roaming around the world before returning to the corporate network and bringing it down not be sufficient? Home machines are generally less secure than corporate systems, and they definitely follow different security policies.
The security implications that I am most worried about are:
1) worm propagation: afraid infected machine will allow a worm onto our network. Even though the SSL vpn does a check to see if AV is running and def's are up to date, and also does not give an IP on our network, there is the possibility of users uploading infected files to websites or network shares.
And a new virus/worm coming out for which your A/V vendor does not have a signature blows all the checks out of the water. A VPN is simply an extension of your corporate network. If you allow access to file shares, you are allowing unknown hosts into your trusted network. I would not normally allow a VPN into my systems unless I trust the administrators of those hosts.
Devdas Bhagat