On 16/01/2016 06:17, Grant wrote:
> I'm considering allowing some employees to work from home but I'm
> concerned about the security implications. Currently everybody shows up
> and logs into their locked down Gentoo system and from there is able to
> access the company webapps which are restricted to the office IP
> address. I guess I would have to allow webapp access from any IP for
> those users and trust that their computer is secure? Should that not be
> scary?
>
> - Grant

I have experience in this area. I work at ISPs where working from home
is routine and required for overnight standby.
|
You need a VPN, I'd recommend OpenVPN. It's easy to set up and offers
the security levels you need. Use the Layer 3 routing option that uses
tun drivers (not tap) and issue the certificates to the users yourself.
Then allow your servers to accept connections from the VPN range as well
as the internal office range.
|
As for the security levels of their personal machines, tell them what
you require and from that point on you really have to trust your people
to be security aware and with the program.
|
--
Alan McKinnon
alan.mckinnon@×××××.com
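
The setup described in the reply above, as an added configuration sketch that is not part of the original message. The subnets (10.8.0.0/24 for the VPN pool, 192.168.1.0/24 for the office LAN), the file paths and the use of nginx in front of the webapps are all assumptions made for illustration.

```conf
# ---- /etc/openvpn/server.conf (OpenVPN server, assumed path) ----
dev tun                          # routed Layer 3 tunnel, not a bridged tap device
proto udp
port 1194
topology subnet
server 10.8.0.0 255.255.255.0    # assumed VPN pool handed out to home workers

# Certificates come from a CA you run yourself, one certificate per user.
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/server.crt
key  /etc/openvpn/pki/server.key
dh   /etc/openvpn/pki/dh.pem
remote-cert-tls client           # accept only certificates issued for client use
crl-verify /etc/openvpn/pki/crl.pem   # revoke one user's certificate without touching the rest

# Send only office-bound traffic through the tunnel (assumed office LAN).
push "route 192.168.1.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun
user nobody
group nobody

# ---- webapp front end (nginx assumed), inside the server block ----
# Weak alternative Grant was worried about: no allow/deny rules at all,
# so the webapp answers any source address on the internet.
#
# Restricted form: office range plus VPN range, everything else refused.
location / {
    allow 192.168.1.0/24;        # assumed internal office range
    allow 10.8.0.0/24;           # assumed VPN range from the server directive above
    deny  all;
    proxy_pass http://127.0.0.1:8080;   # assumed webapp backend address
}
```

The web servers need a return route to the VPN pool via the OpenVPN host, otherwise replies to 10.8.0.0/24 clients leave by the default gateway and the connection never completes.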