I would say it is a level of risk and your target level. For the companies I have worked for I would not have a problem with them surfing the web and being on the VPN. But if I were a high profile company or agency I might think different.

You also have to look at it in the whole security system. Am I going to lock VPN down to the N degree when I have a firewall that has all ports going out open and no one looking at the logs for the firewall. The phone home proxy server could be setting on my internal network and I would not know it, in that case. And if I was targeting your company and the phone home proxy server is not in the wild it will not be added to virus definition files. Back to security as a whole, when you think of security of a building do you think I am going to make it so no one can get in this one window. But with buildings you have a better idea of what needs to be done and why. So you might want to ask what are the best book(s) to read on computer security (I do not know of any, but sure there are some if not lots), so that way you can get an understanding of how something is done, how likely it is to happen and how it proteins to your company, and what can be done to stop it.

John Ross
www.ERP400.com
www.Netshare400.com


Dan Bale wrote:
Boy, I thought this was going to be a short thread!  It seems to be delving
into such fine (low-level?) points of security that I can only rely on
expert opinions, as opposed to making intelligent decisions.  It seems to
me, decidedly non-expert in terms of security, that the several of you
participating in this thread know what you're talking about.

So I would just like to ask where some of you are in disagreement.  Is it
simply a matter of opinion of the risk of exposure?  I acknowledge that
there is risk involved in everything we do.  One of you might say that the
risk of exposure of surfing the web locally while having a VPN connection to
work is so miniscule that it's not worth worrying about, and someone else
may feel that it is significant enough that it shouldn't be allowed.  Or are
there two (or 500) ways to bake a cake?  Both have made their decisions
based on education and experience.  It is clear that everyone here behaves
professionally, and I am thankful that there are no pi$$ing matches.  (So
let's keep it that way! <G>)  But this also means that I'm not getting a
clear picture of the nature of the differences.

In the end, this has made me sharply aware of my security deficiencies.  But
I have also learned a bunch.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.