Will do! Sorry, for the confusion and have included the previous messages i received from all the very kind people who uses this group. JB -
There are a lot of considerations you need to think about, not so much on the legal side but more on the security side. You have a company that first wants to have internet access - what's the purpose for the internet access? For outbound internet? What about inbound? Websites etc? What kind of digital information can be found at the mortgage company that the mortgage company wants to protect? What is the value of the information and what's the risk if the information has unauthorized access? This is your first concern. Now you want to connect other sites to this office. They'll need internet access as well. You can do two things. Do split tunneling, which means data bound for the internet goes directly to the satellites ISP and data bound for the home office is encrypted via VPN. Or you can disable split tunneling which means all the satellite's internet bound traffic goes to the home office and out the home offices ISP. The home office has opened up digital access from the internet to data that it might want to protect. So if the data is valuable, the home office needs to take the necessary steps to secure that data. Now you're connecting other offices to the home office. If these sites are using spit tunneling, you now how multiple security 'holes' that need to be managed to the degree that the home office is secured. And since 80% of all malicious attacks on digital data and resources comes from within, the home office has become much more vulnerable. With split-tunneling, you have to invest in security, again, equal to the home office. With split-tunneling disabled, you only have to concentrate internet related security at the home office, but this adds hops and latency. And now the home office needs to consider internal threats. This is a high level overview. There are a lot more details involved that require a lot of time and consideration. Steve -----Original Message----- From: J B [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 3:40 PM To: [EMAIL PROTECTED] Subject: Security rep for a mortgage company [7:57798] I have a client mortgage company the would like to connect to the internet and provide VPN access to the sattelite offices. Is there any legal or specific requirement they need to meet in order to allow access to users over the internet. Can somebody help. Thanks J barrera Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57798&t=57798 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** J B wrote: > > I have a client mortgage company the would like to connect to > the internet and provide VPN access to the sattelite offices. > Is there any legal or specific requirement they need to meet in > order to allow access to users over the internet. Can > somebody help. > Thanks > J barrera Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57859&t=57798 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]