I've been thrown into a bit of a panic here. I work with a client in construction who frequently connects to third-party networks using a VPN client. These external parties provide a link and credentials for the user to set up the VPN. Seeing this raised a big red flag for me due to the extremely high security risks involved. When I expressed my concerns, the business side told me that their clients assured them their networks are secure and that using the VPN makes it even safer. Am I overreacting? What steps can we take to reduce the risk here?
5 Answers
My default stance is to block VPNs and proxy avoidance entirely on firewalls. It's generally the safest approach unless there's a solid reason to allow it.
I'd recommend considering a zero trust approach for your internal network. While it might seem extreme, it can really help in minimizing risks associated with external connections.
It's not an uncommon practice. We have site-to-site VPN tunnels set up with our cloud provider, and incoming VPNs for vendor support. Just make sure your endpoint's firewall is configured to limit access appropriately.
In my experience in the construction sector, I always say a hard no to VPNs on the LAN. If they need to connect, I suggest using a separate connection like 4G/5G instead. It adds a layer of separation that helps with security.
Opening up to external VPNs is risky, but I'm not the CEO, so I can be flexible if the third party can prove their security measures. I'd require valid security credentials and an up-to-date penetration test report before allowing any connection.