Hey everyone, I'm looking for some advice to see if I'm being overly cautious here. I have a client in construction who frequently connects to third-party networks using a VPN client that their external partners provide. When I learned about this setup, I was alarmed and sought ways to prohibit such connections due to the high-security risks involved. However, the business side dismissed my concerns, stating that their external client assured them their network is secure and using the VPN would add extra safety. Am I overreacting? This seems like a major security risk to me. What strategies can I implement to mitigate this risk?
2 Answers
Implementing a zero trust model internally is a solid approach. It assumes that threats could come from anywhere, so it limits access on a need-to-know basis. However, transitioning to this model can be challenging. What do you do while setting this up? I recommend assessing your current network's vulnerabilities in the meantime to establish better safeguards.
In the construction industry, I've faced similar situations. Personally, I wouldn’t allow connections directly from our LAN to the external VPN. Instead, users could connect through dedicated lines like a DIA connection or even use 4G/5G hotspots for VPN access. This helps isolate the LAP from potential risks. We also use the same VPN client as the parties we connect with, making things smoother.
Absolutely! Easier said than done. Maybe start with segmenting your network and reviewing firewall rules until you can implement a full zero trust approach.