Jonathan Grotegut wrote:
Forgive me if this seems trivial or "newbieish" but I am new toAny Internetwork should have equal security at all access points to the internet.
the "Security" end of computing.
With the new CERT Advisory CA-2003-08. I got me to thinking "What are
others policies, procedures, and requirements for home users connecting
via VPN to a corporate network?"
When a person connects a VPN connection from their home to the office,
they can very easily have a Trojan or a virus. This would allow for easy
infection or access to the corporate network.
What are what are your thoughts on policies, procedures, requirements for
VPN users connecting to the corporate network as far as Password
requirements, Personal Firewalls, Virus Software, Etc.?
Thanks in advance for your sugestions. By the way our clients vary. Our
clients are all in different professions, meaning we have everything from
health care providers to mortgage companies to printing companies.
Jonathan Grotegut
DirectPointe
I guess that means you (or whoever wantsa vpn connection the the corporate network) should have just as good security measures as the networks you are connecting to.
What if the corporation has a PIX or some other expensive firewall equipment? Then you should have sime kind of hardware firewall, maybe a linux gateway running iptables. Then a software firewall on the workstation with a good virus scanner to keep trojans and such off that machine.
Cam
