Our policy is simple.
Only company configured computers are allowed to VPN to the corporate network. It is the only way to be sure what is on the computer that accesses the network via VPN. This is a written policy and we work hard to enforce it on the technical side.
Hope that helps.
At 05:15 PM 3/13/2003 +0000, Jonathan Grotegut wrote:
Forgive me if this seems trivial or "newbieish" but I am new to
the "Security" end of computing.
With the new CERT Advisory CA-2003-08. I got me to thinking "What are
others policies, procedures, and requirements for home users connecting
via VPN to a corporate network?"
When a person connects a VPN connection from their home to the office,
they can very easily have a Trojan or a virus. This would allow for easy
infection or access to the corporate network.
What are what are your thoughts on policies, procedures, requirements for
VPN users connecting to the corporate network as far as Password
requirements, Personal Firewalls, Virus Software, Etc.?
Thanks in advance for your sugestions. By the way our clients vary. Our
clients are all in different professions, meaning we have everything from
health care providers to mortgage companies to printing companies.
Jonathan Grotegut
DirectPointe
