Ron DuFresne <dufresneat_private> writes: >I think it does a disservice to the info-sec community to have people tasked >as 'security' aware administrators constantly doing thes rollouts and >constantly turning to the term VPN as a way to expand their security perimiter >and policy compliance outwards from the corporate boundries to the homes of >endusers and their cars on the road without a full understanding of what they >are doing to the defensive perimiters and security policies they are trusted >to maintain. In my experience the admins frequently are well aware that the VPNs-everywhere approach is unsound, but are overruled by management or accountants. Those who persist in raising concerns are labelled as troublemakers/non-team-players, and sidelined in future decision-making. Scare stories of this kind, while unfortunate, may be one of the few ways of getting through to management. Peter.
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 09:03:22 PDT