Re: Remote desktop access policy

["Josh Haft" <pacmansyu () gmail com>]

On Jan 18, 2008 7:33 AM, WALI <hkhasgiwale () gmail com> wrote:
> Hi guys...do you have any remote desktop policy clauses that you can share?
> I am having difficulties in trying to tell people the hazards of haphazardly
> asking IT guys the perils of asking access to their desktops when the come
> in via VPN.
>
> Everyone wants to have a VPN client and then to a remote desktop session to
> their desktop.
>
> How can I tell them the threats of doing so? Are there any threats? Should I
> restrict such usage? For one, it makes a lot of economic sense to switch off
> PC once a user leaves his/her desk for the day.

Are you referring to regular users connecting via VPN, or
administrators? Normal users generally don't take the same precautions
that administrators do. They might leave the connection open for an
extended period of time, exposing your internal network to anyone that
has access to their VPN connected client. I generally view it as a bad
idea for users to have VPN access, but there's always a business case
to be made... Depending on the VPN software you use, you'll definitely
want to limit which devices a connecting user has access to.

We don't have a formal policy dictating who gets VPN/RDP access,
rather it's approved on an individual case basis. I would, however, be
interested in a policy. We don't have users switch off their computers
when they leave since we have updates go out at night and then
auto-reboot the machine.