On the other hand, if the VPN is open to third parties, such as vendors or business partners, you may wish to consider placing these users in a dedicated, restrictive zone that limits their network access to the specific resources they must access to meet business requirements. This can be done by terminating the VPN connection in a firewall zone that explicitly controls the types of traffic that may cross from the VPN into your corporate network.
One solution I've seen used in many enterprises is to set up two or three different VPNs, designed for different uses. This can often be done with a single VPN appliance that provides role-based access. For example, you might set up the following groups on your VPN:
- System administrators
- Site-to-site VPNs
You can then assign different network privileges to each of these roles depending upon their business requirements. For example, you might grant the system administrators the ability to create administrative connections to servers using the SSH protocol, while vendors and regular employees would be denied that access.
Related Q&A from Mike Chapple
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.continue reading
An SEC report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at ...continue reading
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.