Heidi,

Strictly my opinion, but take into consideration:

Users VPN to corporate via the Internet, so what should they be able to access? You want them to follow the same security policy that you have to protect your users at work!

FREQUENTLY users connect to the Internet, start up their VPN tunnel to work and leave it up all day (while they also surf the net), all the while their home PC has a very tasty connection to corporate's network! What's easier to hack? A home PC running 98, ME, or your corporate firewall?

Enforce the security policy by preventing the users from accessing the Internet through their local ISP connection. Most VPN solutions can set up the user profile to use the secured tunnel as the default gateway, not the Internet. This means if the user wants to access the Internet they must do so through the tunnel using the rules set up on your firewall. You can also disallow the user from accessing the Internet through the tunnel at all!

Understand that the purpose of the tunnel is to gain access to network resources securely, remotely and for work purposes. If the user needs to access the net then they need to do it when not connected to corporate.

In brief, do not allow users access to the Internet except through the corporate firewall, if at all.

-JGR

-----Original Message-----
From: Heidi [mailto:mcps@private]
Sent: Friday, November 30, 2001 2:56 PM
To: CRIME
Subject: Re: CRIME secure mail programs/internet

Thank you to all who have responded to my questions. All your suggestions are very much appreciated and will help me greatly with trying to point out these security/confidentiality issues to this organization. I am always open to more suggestions and recommendations.

Thank you.

Heidi

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:29 PDT