|
|
The position we take at my site is summarized thus: If you can't trust your users, you can't trust your users. Reducing your VPN's functionality won't stop them from stealing trade secrets if they're sufficiently inclined to go that route -- they can do that even without a VPN if they really want to -- but it *will* interfere with their ability to conveniently get work done remotely, which is the whole point. We restrict VPN access to folks who have a good reason to have it -- part-time contractors are out, for instance -- and are extremely quick on the draw to revoke the certificates (and Kerberos principals) of outgoing personnel. Beyond that, we risk buying a false sense of security -- and paying for it with lost employee productivity. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |