asked on
Best Practice : Consultant wants to access internet
I have a situation where we have a consultant who will be with us for 3 years. Should I allow her internet access through our network (server, firewall). I have recommended that she use our unmonitored Wifi, but she finds it slow.
SecurityWireless NetworkingInternet Protocols
Last Comment
btan
ASKER
I have been asked to recommend whether we allow them access through our network or should they use Wifi.
Guest needs a reasonably fast internet. They are not doing any work for us. Just an arrangement to allow them to use office space, along with it internet access
I am just worried about security but have to juggle with the terms of the arrangement
Guest needs a reasonably fast internet. They are not doing any work for us. Just an arrangement to allow them to use office space, along with it internet access
I am just worried about security but have to juggle with the terms of the arrangement
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you needed oversight, you need to have the proxy of browser to send over to your central web proxy before going out to FW the to internet. The safe guard is to sanction and policing the access control from an Enterprise security policy angle. The speed need not be compromised if the vlan in which that machine is in are segregated with only few machine. It is the ISP internet link that is co shared instead. There can be some link balancing if you have two isp or sort of QoS sort to give her more bandwidth.
The guest wifi segregated from wired and wireless enterprise lan should all still go through your perimeter FW other those egress choke point prior to internet. Eventually the monitoring must still be done as cross infection kr mass spread due to drive by downloads or phished link in email leading to visit of compromised website is very common internet threat and exposure. The damages can be huge if not managed properly.
This should also consider the remote use case where the machine maybe using mobile dongle or wireless MIFI hotspot to do a VPN into the enterprise then to do internet surfing. This should go through the PFW too. It can be slower though but I see the immediate concern is more of onsite instead of remote access for now.
The guest wifi segregated from wired and wireless enterprise lan should all still go through your perimeter FW other those egress choke point prior to internet. Eventually the monitoring must still be done as cross infection kr mass spread due to drive by downloads or phished link in email leading to visit of compromised website is very common internet threat and exposure. The damages can be huge if not managed properly.
This should also consider the remote use case where the machine maybe using mobile dongle or wireless MIFI hotspot to do a VPN into the enterprise then to do internet surfing. This should go through the PFW too. It can be slower though but I see the immediate concern is more of onsite instead of remote access for now.
ASKER
We have moved the consultant to the Wifi and kept the wired network for staff use only
Staff wifi should be considered too and deploy as enterprise wifi. Regardless wifi and wired is separate.
Whether you should or shouldn't allow access depends on these and probably other questions I'm not remembering - and if you have these kinds of policies in place, it's probably NOT your decision to make - speak to the person who hired the consultant - the person the consultant reports to. If they sign off on it, yes... if not, no.