With many companies, organizations and government agencies forced into remote work by COVID-19, it is imperative to give some thought to corporate security.

Using a VPN for New Stay-at-Home Workers

Millions of employees are now working from the confines of their own homes in an effort to keep businesses running smoothly. In most situations, employees are told to use their existing laptop computer or are issued one to use at home. They are also provided with a virtual private network (VPN) connection for connectivity to their respective places of employment. This makes for a valiant effort to keep critical corporate, organizational or governmental information secure.

But just how secure is it? VPN connections generally provide a secure, encrypted session to a workplace facility. (Many of these VPN tools use two-factor authentication as well.) The VPN connection forces all external communication to traverse the workplace facility before being allowed out onto the “wild” open Internet.

For example, Susan is connected to her corporate email system via VPN, and she receives a legitimate company email with a link to a partner firm that is offering products or services only to employees at a vastly discounted rate. Susan clicks the link and is then taken to the partner firm (over the Internet). This traffic was initiated from Susan’s work laptop over a VPN, and using her mail client, she was connected to her corporate mail server. The mail server then forwards the clicked “link” request onto the corporate network and then on out to the Internet to complete Susan’s request.

A Lack of Control over Remote Workers

Everything discussed above sounds like it falls within the bounds of corporate security. But what is happening on that company-owned system when it’s NOT