Users with VPN access want to map directly to our network drives. Best way to reduce vulnerabilities on our network?

Yashy
Hi guys

We have people using two-factor authentication to VPN onto our network. For security, as it stands, people with home PCs/laptops access our network by having to RDP onto their own local machines at work and then accessing the network drives. This was just to prevent the SMB port being open and reduce the possibility of viruses transferring from local PCs onto our own PCs, as we don't have control of their machines at home.

As the company shifts more and more towards mobile usage, more and more users are beginning to request direct access to the actual network now, i.e. once they have VPN'd to our firewall, to directly map to the network drives. We use WatchGuard firewalls.

What would be your proposition for such a scenario? Would you offer them access to the network with extra security measures in place, such as having them install applications that would control ransomware/viruses etc?

Thank you
Yashy
Alex, Senior Infrastructure Analyst
Commented:
You want to have people and their home machines connecting to your network; my proposition is: don't. You're asking for loss of data and you're asking for viruses to come into your domain. Give them the kit they require and make them use business equipment.
Alex, Senior Infrastructure Analyst

Commented:
If you really wanted a BYOD policy, use Windows To Go sticks.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
We supply users who need remote access with company laptops in place of (instead of) their company desktop machine. We set it up including VPN and make sure it meets our standards. We do not put our VPN access on home machines.

Software Developer / Linux System Administrator / Managing Director
Commented:
Given the unreliability (still) of some VPN solutions, and that often people want file-based access without fully understanding the issues that revolve around it (file locks, disconnects, low-speed connectivity etc.), I would resist the temptation to allow it without careful consideration and a clear set of expectations. If someone wants access to specific documents, why not use a system like SharePoint, Dropbox or Nextcloud? This way, for users' working documents, where shared simultaneous access is not such an issue, they have access to their documents and those documents are also backed up and possibly versioned. Naturally, there is the problem with data theft that you would have to consider, but any system that allows users to remotely access data is going to potentially suffer from this.
Pete Long, Technical Consultant
Commented:
If this is a concern, you need to deploy Network Access Protection and perform 'Posture Assessment' on the remote clients before they connect, i.e. is the OS up to date, is the AV up to date, etc.
Cisco AnyConnect can do this when deployed with a Cisco ASA firewall (or if you have Cisco ISE), but these are not cheap solutions.

Commented:
I'm with Martyn on this one, use a file sharing service as he mentioned.

One word of caution on this: be sure any solution you pick includes file version saves. The problem with Dropbox, for example, is that if I accidentally delete the file, it deletes it everywhere. But their business and pro versions keep a number of older versions and deleted files so you can recover from those 'oops' moments when a file gets corrupted or deleted.
