Work from home security issues
-
Our company is planning to implement a work from home schedule. I'm planning to use OpenVPN to allow the employees to access our internal system / network.
Is it enough to implement OpenVPN to secure our network from possible attacks and exploitation? Can anyone provide an idea for possible enhancement of the security regarding this setup?
-
@yanafig said in Work from home security issues:
planning to implement work from home schedule.
Hi,
All systems and solutions are only as secure as you make them.
It is essential that you are constantly monitoring its operation and keeping it up to date.
- For OpenVPN default ports, I would push up to 40, 50K range
- I would use higher encryption, (cipher = of course, this resource can be demanding)
- Mandatory endpoint AV on the customer side (paid version)
- For many VPN connections, shared and load balanced topology, even setting up multiple VPN servers
- Proper ISP speed and stability (up to multi-WAN)
- Last but not least, need disciplined and trained employees who join the corporate network!
(during working hours there are no FB, WA, Insta, Zoom, etc.)
and good luck
-
@DaddyGo said in Work from home security issues:
urs there are no FB, WA, Insta, Zoom,
Will try these suggestions. Hope we can keep up with the work from home demands. Thank you very much
-
@DaddyGo Not all work environments are the same.
Certainly, fb, wa, insta and zoom aren't a security issue (they might be a productivity one, but what if the op already has this allowed in the office?)
What if zoom is used for inter-company meetups?
Multiple vpn servers, load balanced, multiwan.
Nice to have, but honestly that can't be on the list of an entry level user, and certainly affect availability but not security.
There is nothing wrong with default openvpn ports. Obscurity is not security. Without experience it will create havoc on the rollout.
Use a tls key and aescbc 128 for encryption, with sha256 for auth. Do remember, there are under-powered PCs in remote work scenarios.
As for mandatory antivirus on the client, that's the only security nice to have feature, but again, what if the workers are just taking home their work laptops?
They should have some kind of protection already in place.
Just connecting via openvpn won't make them insecure.
Openvpn will solve all the needed connectivity issues, with good enough protection of the users' data while traversing public networks.
Anything above that needs to be looked into.
Maybe an external consultant can save you from lots of experimentation (and the user frustration that comes with that).
-
@netblues said in Work from home security issues:
Certainly, fb, wa, insta and zoom aren't a security issue (they might be a productivity one, but what if the op already has this allowed in the office?)
What if zoom is used for inter-company meetups?
After these comments, I will skip the response to your comments.
It seems solid that you haven't worked with many workstations in a large network environment yet.
-
One thing you might want to consider is whether all client traffic is forced through the VPN. Some companies insist on that.
-
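Added example, not part of any post in this thread: a small Python check of an OpenVPN server config for the settings raised above, namely the TLS key, cipher and auth digest from @netblues's reply and whether all client traffic is forced through the VPN. The sample config, the weak-value lists and the function names are constructed for illustration; the directive names are standard OpenVPN options.

```python
import shlex

# Constructed sample server config (not from the thread). Values follow the
# suggestions made in the discussion: TLS key, AES-128-CBC, SHA256, full tunnel.
SAMPLE_CONF = '''
port 1194
proto udp
tls-auth ta.key 0        # static key protecting the TLS control channel
cipher AES-128-CBC
auth SHA256
push "redirect-gateway def1"
'''

# Assumed deny-lists for this example: 64-bit block ciphers, legacy digests, "none".
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "NONE"}
WEAK_DIGESTS = {"MD5", "SHA1", "NONE"}

def parse(conf_text):
    """Return {directive: [argument lists]} for an OpenVPN config file."""
    directives = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(conf_text):
    """Return a list of findings for the settings discussed in the thread."""
    d = parse(conf_text)
    findings = []
    if not any(k in d for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append("no tls-auth/tls-crypt key on the control channel")
    ciphers = [c.upper() for args in d.get("cipher", []) + d.get("data-ciphers", [])
               for a in args for c in a.split(":")]
    if not ciphers:
        findings.append("no cipher set explicitly; version default applies")
    findings += [f"weak cipher: {c}" for c in ciphers if c in WEAK_CIPHERS]
    digests = [args[0].upper() for args in d.get("auth", []) if args]
    if not digests:
        findings.append("no auth digest set; OpenVPN defaults to SHA1")
    findings += [f"weak auth digest: {g}" for g in digests if g in WEAK_DIGESTS]
    pushed = [p.split() for args in d.get("push", []) for p in args]
    if not any(p and p[0] == "redirect-gateway" for p in pushed):
        findings.append("split tunnel: redirect-gateway is not pushed to clients")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```
-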
@DaddyGo Because I have, this discussion has nothing to do with anything bigger than 10-20 workstations tops.
-
@netblues said in Work from home security issues:
10-20 workstations tops.
everyone has the right to their own opinion...
the thing is current, because we "swallowed" yesterday, an FB carried.......admin privilege hijack
(page redirect to a fake roast recipe from FB)
we have been working on it for two days and it is not over yet...
three clusters killed for more than 4 hours and user laughs...frenetic
@netblues "they might be a productivity one, but what if the op already has this allowed in the office?"
so now I would rather not argue about the place of social sites on corporate networks
-
@DaddyGo I don't see where we disagree. What company with 3 clusters would be asking on basic stuff regarding how to implement a work from home vpn?
Access to the internet can have serious security implications.
Even having a smartphone might be an issue, depending who you are and what you do.
Establishing a corporate security policy won't happen by asking on any forum.
-
@netblues said in Work from home security issues:
policy won't happen by asking on any forum.