On 16/01/2016 06:17, Grant wrote:
> I'm considering allowing some employees to work from home but I'm
> concerned about the security implications. Currently everybody shows up
> and logs into their locked down Gentoo system and from there is able to
> access the company webapps which are restricted to the office IP
> address. I guess I would have to allow webapp access from any IP for
> those users and trust that their computer is secure? Should that not be
> scary?
>
> - Grant

I have experience in this area. I work at ISPs where working from home is routine and required for overnight standby.

You need a VPN; I'd recommend OpenVPN. It's easy to set up and offers the security levels you need. Use the Layer 3 routing option that uses tun drivers (not tap) and issue the certificates to the users yourself.

Then allow your servers to accept connections from the VPN range as well as the internal office range.

As for the security levels of their personal machines, tell them what you require and from that point on you really have to trust your people so be security aware and with the program.

--
Alan McKinnon
alan.mckin...@gmail.com
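
The source-address restriction suggested in the reply above, sketched as an added example that is not part of the original thread: a webapp-side check that admits only the office range and the VPN client pool. The address ranges, the local reverse proxy and all function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed ranges for this example; none of them come from the thread.
OFFICE_NET = ipaddress.ip_network("203.0.113.0/29")  # assumed office range
VPN_NET = ipaddress.ip_network("10.8.0.0/24")        # assumed OpenVPN tun client pool
ALLOWED = (OFFICE_NET, VPN_NET)
# Hypothetical reverse proxy in front of the webapp, on the same host.
TRUSTED_PROXIES = (ipaddress.ip_network("127.0.0.1/32"),)


def _parse(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d). None if invalid."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped  # dual-stack listeners report IPv4 peers this way
    return ip


def _in_any(ip, nets):
    """True if ip falls inside any of the given networks of the same IP version."""
    return any(ip.version == n.version and ip in n for n in nets)


def client_address(peer_addr, forwarded_for=None):
    """Choose the address to authorise.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and then only its right-most entry, which is the one that proxy appended.
    """
    peer = _parse(peer_addr)
    if peer is None:
        return None
    if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        return _parse(forwarded_for.split(",")[-1])
    return peer


def is_allowed(peer_addr, forwarded_for=None):
    """Allow only office or VPN source addresses; anything unparseable is denied."""
    ip = client_address(peer_addr, forwarded_for)
    return ip is not None and _in_any(ip, ALLOWED)
```

With this in place, a home worker reaches the webapps only after the VPN has assigned an address from the pool, and a forwarding header sent directly by an outside client is ignored.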