What is your company policy on user VPN'ing in to the network?

Discussion in 'Internet, Connectivity and Communications' started by Boycie, Jun 12, 2008.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Title says it all really. Interested to have a general idea.
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    IT staff are allowed.

    Some newspaper reporters have limited access to create pages at home and send them over the network to me in my room. They are also allowed to access their own work and put it on their home computer, but they are not allowed to modify their work over the network; they must copy it to their home PC, then modify it and send it back over the network.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. skulkerboyo

    skulkerboyo Megabyte Poster

    553
    21
    74
    Only users that need to work from home or highly mobile (sales) are given the facility. If you need to access your email then we give you a blackberry or you can use Notes webmail.

    Our security guy is trying to phase out the use of VPN. Our security guy prefers people to Remote Desktop using terminal services through Citrix - his choice, not mine.
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  4. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Provided their request is authorised by their manager and the business unit financial authority, anyone can purchase a laptop and a SecurID key to give them VPN access to the network.

    It can only be done from company laptops though, so no home machines via VPN. Once in though, they can do anything they would be able to do from the office.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  5. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    A lot of our staff are either based at customer sites, or mobile workers and work from home/site etc.

    Our current setup for all of these is that they can use a VPN to dial into the network to use our in-house software and access email, documents etc.

    I would say at least 75% of our workers connect to our network using a VPN connection.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  6. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Thanks guys. As I thought: cleared by manager and company equipment.
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  7. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    Assign required users an RSA token; they VPN into the network using a defined URL, then use the Citrix client to access apps and network folders.
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  8. sunn

    sunn Gigabyte Poster

    1,562
    24
    79
    Exactly the same on corporate laptops.
    We also have SSL VPN available so people can use their home machine to get into the corporate network via a Citrix terminal.
     
  9. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    This is something I've just set up recently so we don't have a policy about it, yet.

    The only ones at the moment are the 3 with admin access and one user who is currently travelling on a 6 month sabbatical.

    I also plan to implement a policy requiring the head of department, the CFO and the IT department's approval before anyone gets to use VPN.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Got a VPN server set up via ISA for most users - runs on its own Radius domain authenticating via SafeWord tokens. Works like a charm. Personally I can't be arsed with it and just use LogMeIn to VPN to my workstation, where I can do everything I need and faster than via 'real' VPN without having to worry about split tunnelling or any of that gubbins.

    Also in the process of setting up an SSL VPN box (Juniper) for provisioning 'real' remote access - waiting for Verisign to get back to me about a certificate for it at the moment.

    When I worked at the old bill VPN access was managed by a third party - didn't even have to set up the RSA tokens we used.

    At home I used to use OpenVPN via its own Radius domain as well but, like so much else on my network I got rid of it because I was spending as much time on my own maintenance as I was at work!
     
    Certifications: A few
    WIP: None - f*** 'em
  11. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    What everyone has said before is what we did as well: only employees that absolutely had to have access (e-mail excluded, since you can get to that over OWA), and only using company equipment (with the exception of... well, me...). Users would use either the SonicWall VPN Client or the SonicWall SSL-VPN.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  12. derkit

    derkit Gigabyte Poster

    1,480
    58
    112
    We have VPN access using SecurID and RSA tokens - specific ADSL supplier, 3G dial-up, PSTN - get access to everything as if they were on their desktop.

    Access - senior managers only, techs don't get anything. Clients, again most senior users and all those who are home workers/work-on-the-road.


    My girlfriend's company - VPN over 3G datacard, access to Outlook etc. and filestore as per normal.
    Access - if job deems it necessary, so not everyone.
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  13. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    There is VERY VERY VERY little need for full fat VPN connections in this day and age
    especially as most of them are allowing non corporate machines onto the corporate network (although some enforce corporate system images only)
    the fact is, as has been mentioned above, very few (if any) require full network access, and those that do could easily be given RDP access to a system on the network, no need for a VPN

    I personally don't see the life expectancy of full fat VPNs lasting much longer, with virtualisation, SSL VPNs and other remote connectivity options in play, it's just a gaping hole that needs not be there

    That said
    anybody who can justify it should have it
    all this crap about management only is ****, most of them don't even do any work when they are at the damn office!, to give that sort of access just to managers is a pure power play and nothing to do with serving the needs of your staff
    you need it, you get it, end of story (but you only get what you need)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  14. derkit

    derkit Gigabyte Poster

    1,480
    58
    112
    That's exactly my company's unofficial view on it - people on telephone standby get called and instead of logging in securely over VPN, most will have to travel 30-90 mins to get into work alone!

    There's definitely a large amount of seniority posturing in my place! :(
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  15. VantageIsle

    VantageIsle Kilobyte Poster

    446
    8
    49
    All field staff have a laptop and connect via VPN and authenticate with an RSA token. A webmail service is also available, plus everyone has a BlackBerry and can choose to log in to their desktop phone via BlackBerry.
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
