Re: [Openvpn-users] OT: Corporate VPN policy

[Jamie Lokier <jamie@xxxxxxxxxxxxx>]

Scott Merrill wrote:
> We've been using OpenVPN for some time now to (obviously) provide remote 
> access to our office for several employees.  Management is constantly 
> struggling with how to provide access to those who need it, while 
> simultaneously protecting our trade secrets.  The fear is that a user 
> will take their system (desktop or laptop) into a competitor, connect 
> via VPN, and show them a lot of stuff we'd prefer they not see.

Let me try to understand.

You are concerned about your own staff showing secrets to your
competitors?

> How are others mitigating this concern?  The best we've been able to 
> come up with so far is to provide static IPs to our remote users, and 
> restrict incoming VPN connections to those static IPs.

Wouldn't it be better to instruct your staff to not show certain
things to competitors?

Fixing their location is just an annoying (in my experience)
restriction which doesn't change what remote staff will show to
competitors.

If you don't tell your staff what not to show - they'll just print it
and take the paper along...  or take a file or saved web page along...
or just talk about the trade secrets.

If you do tell them, they'll comply in which case what's the worry?
Or they won't, in which case the VPN location restriction won't change
that.

The things you should be most concerned about are computers getting
stolen, or left unsupervised, or the keys getting copied elsewhere
perhaps by the machines being compromised - and ensuring remote staff
are informed about what company information they should not share.

-- Jamie

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users