Users with VPN access want to map directly to our network drives. Best way to reduce vulnerabilities on our network?

Hi guys

We have people using two-factor authentication to VPN onto our network. For security, as it stands, people with home PCs/laptops access our network by having to RDP onto their own local machines at work and then accessing the network drives. This was just to prevent the SMB port being open and reduce the possibility of viruses transferring from local PCs onto our own PCs, as we don't have control of their machines at home.

As the company shifts more and more towards mobile usage, more and more users are beginning to request direct access to the actual network now, i.e. once they have VPN'd to our firewall, to directly map to the network drives. We use WatchGuard firewalls.

What would be your proposition for such a scenario? Would you offer them access to the network with extra security measures in place, such as having them install applications that would control ransomware/viruses etc?

Thank you
Yashy
Asked by: Yashy
Alex Green, Project Systems Engineer, commented:
You want to have people and their home machines connecting to your network; my proposition is don't. You're asking for loss of data, you're asking for viruses to come into your domain. Give them the kit they require and make them use business equipment.
0
Alex Green, Project Systems Engineer, commented:
If you really wanted a BYOD policy, use Windows To Go sticks.
0
John, Business Consultant (Owner), commented:
We supply users who need remote access with company laptops in place of (instead of) their company desktop machine. We set it up including VPN and make sure it meets our standards. We do not put our VPN access on home machines.
0
Martyn Spencer, Software Developer / Linux System Administrator / Managing Director, commented:
Given the unreliability (still) of some VPN solutions, and that often people want file-based access without fully understanding the issues that revolve around it (file locks, disconnects, low-speed connectivity etc.), I would resist the temptation to allow it without careful consideration and a clear set of expectations. If someone wants access to specific documents, why not use a system like SharePoint, Dropbox or Nextcloud? This way, for users' working documents, where shared simultaneous access is not such an issue, they have access to their documents and those documents are also backed up and possibly versioned. Naturally, there is the problem with data theft that you would have to consider, but any system that allows users to remotely access data is going to potentially suffer from this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pete Long, Technical Consultant, commented:
If this is a concern, you need to deploy Network Access Protection and perform "Posture Assessment" on the remote clients before they connect, i.e. is the OS up to date, is the AV up to date, etc.
Cisco AnyConnect can do this when deployed with a Cisco ASA firewall (or if you have Cisco ISE), but these are not cheap solutions.
0
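
The kind of client-side check a posture assessment performs (OS patch level, AV state, host firewall), as an added example that is not part of the thread or of any product named in it. It assumes Windows clients running Microsoft Defender; the function name `Test-ClientPosture` and both thresholds are hypothetical policy choices.

```powershell
# Added example, not from the thread. Thresholds are assumed policy values.
$MaxSignatureAgeDays = 3
$MaxPatchAgeDays     = 45

function Test-ClientPosture {
    param(
        [Parameter(Mandatory)] $Defender,          # output of Get-MpComputerStatus
        [Parameter(Mandatory)] $FirewallProfiles,  # output of Get-NetFirewallProfile
        $HotFixes = @(),                           # output of Get-HotFix
        [datetime] $Now = (Get-Date)
    )
    $findings = @()

    # AV must be enabled, running in real time, and recently updated.
    if (-not $Defender.AntivirusEnabled)          { $findings += 'Antivirus is disabled' }
    if (-not $Defender.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($Defender.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "AV signatures are $($Defender.AntivirusSignatureAge) days old"
    }

    # OS patching: use the most recent update that reports an install date.
    $lastPatch = $HotFixes | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastPatch) {
        $findings += 'No installed updates found'
    } elseif (($Now - $lastPatch.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
        $findings += "Last update installed $($lastPatch.InstalledOn.ToString('yyyy-MM-dd'))"
    }

    # The host firewall must be on for every profile (Domain, Private, Public).
    foreach ($p in $FirewallProfiles) {
        if ("$($p.Enabled)" -ne 'True') { $findings += "Firewall profile '$($p.Name)' is off" }
    }

    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Run against the local machine; a non-zero exit code marks it non-compliant.
$result = Test-ClientPosture -Defender (Get-MpComputerStatus) `
    -FirewallProfiles (Get-NetFirewallProfile) -HotFixes (Get-HotFix)
$result.Findings | ForEach-Object { Write-Warning $_ }
if (-not $result.Compliant) { exit 1 }
```

A check like this only reports what the client says about itself, so on machines the company does not manage it is a baseline gate rather than a guarantee.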
Owen Rubin, Consultant, commented:
I'm with Martyn on this one: use a file sharing service as he mentioned.

One word of caution on this: be sure any solution you pick includes file version saves. The problem with Dropbox, for example, is that if I accidentally delete the file, it deletes it everywhere. But their business and pro versions keep a number of older versions and deleted files so you can recover from those 'oops' moments when a file gets corrupted or deleted.
0