Link to home
Create AccountLog in
Avatar of Snowbella Kilangit
Snowbella Kilangit

asked on

Best Practice : Consultant wants to access internet

I have a situation where we have a consultant who will be with us for 3 years. Should I allow her internet access through our network (server, firewall). I have recommended that she use our unmonitored Wifi, but she finds it slow.
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Is the guest internet slow?  Do you care that the guest internet seems slow?  Why does the consultant need internet access - is it for something that they are doing for you or so they can play Candy Crush?  If you do care about slow guest access, what are you going to do to resolve that?

Whether you should or shouldn't allow access depends on these and probably other questions I'm not remembering - and if you have these kinds of policies in place, it's probably NOT your decision to make - speak to the person who hired the consultant - the person the consultant reports to.  If they sign off on it, yes... if not, no.
Avatar of Snowbella Kilangit
Snowbella Kilangit

ASKER

I have been asked to recommend whether we allow them access through our network or should they use Wifi.

Guest needs a reasonably fast internet. They are not doing any work for us. Just an arrangement to allow them to use office space, along with it internet access

I am just worried about security but have to juggle with the terms of the arrangement
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
If you needed oversight, you need to have the proxy of browser to send over to your central web proxy before going out to FW the to internet. The safe guard is to sanction and policing the access control from an Enterprise security policy angle. The speed need not be compromised if the vlan in which that machine is in are segregated with only few machine. It is the ISP internet link that is co shared instead. There can be some link balancing if you have two isp or sort of QoS sort to give her more bandwidth.

The guest wifi segregated from wired and wireless enterprise lan should all still go through your perimeter FW other those egress choke point prior to internet. Eventually the monitoring must still be done as cross infection kr mass spread due to drive by downloads or phished link in email leading to visit of compromised website is very common internet threat and exposure. The damages can be huge if not managed properly.

This should also consider the remote use case where the machine maybe  using mobile dongle or wireless MIFI hotspot to do a VPN into the enterprise then to do internet surfing. This should go through the PFW too. It can be slower though but I see the immediate concern is more of onsite instead of remote access for now.
We have moved the consultant to the Wifi and kept the wired network for staff use only
Staff wifi should be considered too and deploy as enterprise wifi. Regardless wifi and wired is separate.