| 1 |
On 16/01/2016 06:17, Grant wrote: |
| 2 |
> I'm considering allowing some employees to work from home but I'm |
| 3 |
> concerned about the security implications. Currently everybody shows up |
| 4 |
> and logs into their locked down Gentoo system and from there is able to |
| 5 |
> access the company webapps which are restricted to the office IP |
| 6 |
> address. I guess I would have to allow webapp access from any IP for |
| 7 |
> those users and trust that their computer is secure? Should that not be |
| 8 |
> scary? |
| 9 |
> |
| 10 |
> - Grant |
| 11 |
|
| 12 |
|
| 13 |
I have experience in this area. I work at ISPs where working from home |
| 14 |
is routine and required for overnight standby. |
| 15 |
|
| 16 |
You need a VPN, I'd recommend OpenVPN. It's easy to set up and offers |
| 17 |
the security levels you need. Use the Layer3 routing option that uses |
| 18 |
tun drivers (not tap) and issue the certificates to the users yourself. |
| 19 |
Then allow your servers to accept connections from the VPN range as well |
| 20 |
as the internal office range |
| 21 |
|
| 22 |
As for the security levels of their personal machines, tell them what |
| 23 |
you require and from that point on you really have to trust your people |
| 24 |
so be security aware and with the program. |
| 25 |
|
| 26 |
-- |
| 27 |
Alan McKinnon |
| 28 |
alan.mckinnon@×××××.com |
Archives