I have to say reading this I had to get a floor jack to put my jaw back into my face it dropped so far.
This contractor has apparently discerned that you do NOT want him running a personal VPN on your network. But, he doesn't give a crap about what you want, he's doing it anyway. And on top of that he's doing it in a way to hide it. Did it not occur to you that if he doesn't give a shit about your rules against running a personal VPN that there is going to be other stuff you care about that he's not going to give a shit about either? Here's a thought. When you issue contracts to contractors just explicitly prohibit subcontracting. Then if John subcontracts anyway, then sue his ass out of business. As I said earlier, technical blocks are NOT the way to handle this problem. Ted -----Original Message----- From: PLUG <plug-boun...@pdxlinux.org> On Behalf Of Ishak Micheil Sent: Tuesday, April 18, 2023 12:02 PM To: Portland Linux/Unix Group <plug@pdxlinux.org> Subject: Re: [PLUG] 3rd party vpn Defense evasion The use cases I'm working on is to Prevent employees or contractors from subcontracting work. John is a contractor, hires someone else to do the work. Vdi setup, he shares his creds with the subcontractor who possibly actually in a different country. Using VPN services prior to logging in to mask thier locations . On Tue, Apr 18, 2023, 11:07 AM Russell Senior <russ...@personaltelco.net> wrote: > Can you elaborate, in general terms, on what the goal is? > > -- > Russell Senior > russ...@personaltelco.net > > On Tue, Apr 18, 2023 at 8:38 AM Ishak Micheil <isaa...@gmail.com> wrote: > > > Greetings, > > I am tasked to identify a solution to detecting users obfuscating > > their > ip, > > using verity of VPN services. > > > > What we've done > > - Prevent users from installing software (VPN Cliens) > > > > - Possibly having a code on endpoints, to collect ip addresses tied > > to > wifi > > or LAN connection prior to attaching to VPN service, > > > > any other ideas? > > >
