Home page logo

basics logo Security Basics mailing list archives

Re: VPN Access for Consultants
From: "Steve" <securityfocus () delahunty com>
Date: Thu, 20 Nov 2003 17:57:24 -0500

We require use of our DMZ, or simple enough to have them on a VLAN into the
DMZ.  We require temps/consultants to sign our non disclosure agreement and
acceptable use policy.  We require that they let us check their machines for
anti-virus software.

----- Original Message ----- 
From: "Jennifer Fountain" <JFountain () rbinc com>
To: <security-basics () securityfocus com>
Sent: Wednesday, November 19, 2003 6:28 PM
Subject: VPN Access for Consultants

Hi All:

We have several consultants working for my company and they have
requested that I allow vpn access through our firewall to their company.
They want to be able to access their network and our network at the same
time (tunnel).  I told them no, I do not want to create a tunnel between
my network and theirs but I would allow them to plug their laptops into
the dmz or outside the firewall so they can access their network.  They
proceeded to look at me like I had six heads and act like I was the only
security admin that wouldn't allow this.  What is the general consensus
on this type of activity?  What policies do you have implemented?  Do
you allow it if the remote network was confirmed to be secure?

Thanks for any info



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]