1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is your company policy on user VPN'ing in to the network?

Discussion in 'Internet, Connectivity and Communications' started by Boycie, Jun 12, 2008.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Title says it all really. Interested to have a general idea.
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    IT staff are alowed.

    Some newspaper reporters have limited access to create pages at home and send them over the network to me in my room, they are also allowed to access their own work and put it on their home computer, but they are not allowed to modify their work over the network they must copy it to their home pc then modify and send back over the network.
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. skulkerboyo

    skulkerboyo Megabyte Poster

    Only users that need to work from home or highly mobile (sales) are given the facility. If you need to access your email then we give you a blackberry or you can use Notes webmail.

    Our security guy is trying to phase out the use of vpn. Our security guy prefers people to Remote desktop using terminal services through Citrix - His choice not mine
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  4. Fergal1982

    Fergal1982 Petabyte Poster

    provided their request is authorised by their manager, and the business unit financial authority, anyone can purchase a laptop and a securid key, to give them vpn access to the network.

    it can only be done from company laptops though, so no home machines via vpn. once in though, they can do anything they would be able to do from the office.
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  5. Stoney

    Stoney Megabyte Poster

    A lot of our staff are either based at customer sites, or mobile workers and work from home/site etc.

    Our current setup for all of these is that they can use a VPN to dial into the network to use our in-house software and access email, documents etc.

    I would say at least 75% of our workers connect to our network using a VPN connection.
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  6. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Thanks guys. As I thought; cleared by mananger and company equipment.
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  7. onoski

    onoski Terabyte Poster

    Assign required users with an RSA token and vpn into the network using a defined url then Citrix client to access apps and network folders.
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  8. sunn

    sunn Gigabyte Poster

    Exactly the same on corporate laptops.
    We also have SSL VPN available so people can use their home machine to get into the corporate network via a Citrix terminal
  9. nugget
    Honorary Member

    nugget Junior toady

    This is something I've just set up recently so we don't have a policy about it, yet.

    The only ones at the moment are the 3 with admin access and one user who is currently travelling on a 6 month sabbatical.

    I also plan to implement a policy requiring the head of department, the CFO and the IT department's approval before anyone gets to use VPN.
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. zebulebu

    zebulebu Terabyte Poster

    Got a VPN server set up via ISA for most users - runs on its own Radius domain authenticating via SafeWord tokens. Works like a charm. Personally I can't be arsed with it and just use LogMeIn to VPN to my workstation, where I can do everything I need and faster than via 'real' VPN without having to worry about split tunnelling or any of that gubbins.

    Also in the process of setting up an SSL VPN box (Juniper) for provisioning 'real' remote access - waiting for Verisgin to get back to me about a certificate for it at the moment.

    When I worked at the old bill VPN access was managed by a third party - didn't even have to set up the RSA tokens we used.

    At home I used to use OpenVPN via its own Radius domain as well but, like so much else on my network I got rid of it because I was spending as much time on my own maintenance as I was at work!
    Certifications: A few
    WIP: None - f*** 'em
  11. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    What everyone has said before is what we did as well: only employees that absolutely had to have access (e-mail excluded, since you can get to that over OWA), and only using company equipment (with the exception of... well, me...). Users would use either the SonicWall VPN Client or the SonicWall SSL-VPN.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  12. derkit

    derkit Gigabyte Poster

    We have VPN access using SecureID and RSA tokens - specific ADSL supplier, 3g dial-up, PSTN - get access to everything as if they we on their desktop.

    Accesss - senior managers only, techs don't get anything. Clients, again most senior users and all those who are home workers/work-on-the-road.

    My girlfriends' company - VPN over 3g datacard, access to outlook etc. and filestore as per normal.
    Access - if job deems it necessary, so not everyone.
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  13. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    There is VERY VERY VERY little need for full fat VPN connections in this day and age
    especially as most of them are allowing non corporate machines onto the corporate network (although some enforce corporate system images only)
    the fact is, as has been mentioned above, very few (if any) require full network access, and those that do could easily be given RDP access to a system on the network, no need for a VPN

    I personally dont see the life expectancy of full fat VPNs lasting much longer, with virtualisation, ssl vpns and other remote connectivity options in play, its just a gaping hole that needs not be there

    That said
    anybody who can justify it should have it
    all this crap about management only is ****, most of them dont even do any work when they are at the damn office!, to give that sort of access just to managers is a pure power play and nothing to do with serving the needs of your staff
    you need it, you get it, end of story (but you only get what you need)
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  14. derkit

    derkit Gigabyte Poster

    That's exactly my company's unofficial view on it - people on telephone standby get called and instead of logging in securely over vpn, most will have to travel 30-90mins to get into work alone!

    There's definitely a large amount of seniority posturing in my place! :(
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  15. VantageIsle

    VantageIsle Kilobyte Poster

    all field staff have a laptop and connect via vpn and athenticate with an RSA token, also a webmail service is available plus everyone has a blackberry and can choose to login to their desktop phone via blackberry.
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA

Share This Page