>> Suppose you use a VPN connection. How does the client (employee)
>> secure their own network and the machine they're using to work remotely
>> then?
>
> Poorly, most likely. Your data is probably not nearly as important to
> them as their data is, and most people don't take great care of their
> own data.

This is the same mentality I have.

> As I mentioned in my other post, there might be some exceptions if
> you're dealing with highly-skilled IT security employees or something
> like that, but most people don't take nearly the level of care with
> their clients as you're probably going to want them to.

Generally my employees are not technically inclined.

> It sounds like Grant is concerned enough about his application to
> restrict logins to a specific IP (presumably it uses SSL and sign-ons
> as well). If you care THAT much about where valid users can connect
> from, I don't see why you'd just let them VPN into your LAN running
> who-knows-what-rootkit on their workstations.
>
> If you're truly 100% web-based I'd just go the Chromebook route. If
> not, I'd issue laptops that you control with full-disk encryption, and
> you can then set them up however you need to.

I am 100% web-based. I don't want to administrate machines outside of my LAN so I can imagine a Chromebook would end up vulnerable eventually.

Someone mentioned 2-factor authentication which sounds interesting. Are there good options for that besides SMS and Google Authenticator (or a similar mobile app)? Is there a good 2FA server in Portage? Is 2FA ever defeated in real life without the user's phone?

- Grant