Solved

Should you let people VPN into work from their personal/home computers?

Posted on 2009-07-09
Last Modified: 2013-11-15
I (the IT Manager for our company of about 100 people) have installed local VPN clients on all the company provided laptops so that these people can VPN from outside while at home or on the road. These laptops are company provided and I can monitor the anti-virus software through an administrative console as well as monitor other things on the laptops because they ARE company provided and have to conform to our policies, GPOs, etc. In the past 6 months however, I've been asked by more and more employees to have the VPN client installed on their PERSONAL/HOME machines, and their supervisors are of course approving it, because they would like them to work from home on the weekends and evenings. I see this as a HUGE security risk, as who knows what they have (or DON'T have) on their home machines, who uses them, etc. Has anyone else had experience with this type of thing, and how can I convince my boss (a non-IT person) that this is NOT a good idea?
Question by:tenover
6 Comments
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 2000 total points
ID: 24815147
We definitely DO NOT allow users to have VPN on their personal computers. We only allow it on our owned assets. Think about it: when someone connects via VPN they are on the network, and any little nasties they have on their machine now have a connection to everything in your organization.

I would highly advise against this. I would try to push for Citrix as an alternative if possible.
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24815202
I agree. These systems cannot be trusted. Our company has the same policy in place. We do not allow VPN connections from anything but company equipment.

Think of it as someone walking into your office and plugging up their computer to an office port. They have direct access to your network.

One option though would be a NAC device which requires all VPN users to pass pre-determined requirements (proper AV, firewall settings, etc.) or they are either denied access or given limited access to the network. NACs though, from what I hear, are pretty involved and can get quite expensive to set up and manage.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 24815211
One more thing to add: let's be honest, the average computer user in any organization is basically computer illiterate. Sure, they may know how to use Office and email and some other basic programs, but for the most part they have no clue if and when their PCs are infected. So let's just say, for instance, you have a user who is infected with a virus/spyware and they're connecting via the VPN. They open some files, do their normal work, etc., but they have a piece of malware that modifies files they work on with launch points or droppers. Anyone else who opens that file then has a chance to get infected.

Not to mention that once the user is on the VPN they can connect to their email account/contacts. If they have an SMTP-enabled virus/malware on their machine then you could easily start seeing spam runs being directed to people in your company and also to outside addresses from your company.

If your boss is not an IT person, the best analogy I can give is this: "Would you go around handing out keys to your house to anyone that asked?" "Would you allow just anyone off the street to walk into your home and do what they please?" Because that is ultimately what this boils down to.
0

 
LVL 8

Expert Comment

by:bsohn417
ID: 24818077
xxdcmast, that1guy15, I am also in favor of not having VPN from users' home PCs.

You don't know how badly their PCs are infected with stuff that you don't even want to know about.
0
 

Author Comment

by:tenover
ID: 24818549
Thanks guys, I totally agree, but wanted to make sure I wasn't abusing my "authority" by saying that it shouldn't be done and wouldn't be allowed....
0
 

Author Comment

by:tenover
ID: 24863063
Real quick....
I think I might upgrade our firewall/VPN solution (Sonicwall) to a new unit that offers SSL VPN, which is pretty much the same solution as Citrix (in a way), correct?  This way everyone would have to connect using SSL and could connect from any computer securely and safely, right?
0


Question has a verified solution.
