On the other hand, if the VPN is open to third parties, such as vendors or business partners, you may wish to consider placing these users in a dedicated, restrictive zone that limits their network access to the specific resources they must access to meet business requirements. This can be done by terminating the VPN connection in a firewall zone that explicitly controls the types of traffic that may cross from the VPN into your corporate network.
One solution I've seen used in many enterprises is to set up two or three different VPNs, designed for different uses. This can often be done with a single VPN appliance that provides role-based access. For example, you might set up the following groups on your VPN:
- System administrators
- Site-to-site VPNs
You can then assign different network privileges to each of these roles depending upon their business requirements. For example, you might grant the system administrators the ability to create administrative connections to servers using the SSH protocol, while vendors and regular employees would be denied that access.
Dig Deeper on VPN security
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.