12/18/2023 VMware Fusion for Mac DreamSpark

It's as best practice as taking your shoes off at airport security. Different users get different RDP or HTTP/HTTPS ports opened up and the ability to do some internal DNS resolution, but it pretty well stops there.

Besides, there isn't a VPN product out there that has a "Local LAN Access" setting that isn't easy to bypass. Besides, aren't we VMware users? Isn't the "correct" solution to this whole mess to provide them with remote virtual desktops or use ACE so the data really never leaves the network in the first place? On my network, VPN users are almost as locked down as any random IP out there - they just happen to be authenticated with two-factor auth and have a secured tunnel. Either you are going to have security measures in place to deal with VPN users attaching wild, errant and abused machines to your network or you aren't. If you have a VPN application handling data where you have that type of risk, there are much better ways to secure that these days.

The only argument that can ever be made in favor of the feature is the desire to mitigate the risk of an honest-to-goodness approved-to-run-on-the-vpn application leaking data out onto some foreign network, yet when people talk about it they always confuse it with some feature that is supposed to magically shield the VPN user against attacks coming from the LAN; that is just BS. After all it's getting its Internet connection somewhere.) And in the second case, the files the user copies will remain on his laptop even after he has disconnected from the VPN and is let back into his local environment where someone can steal it or walk off with his computer or what have you.
In the first case, if there is a virus on the local network that will infect the user's PC, it will happen regardless of whether or not you can stop it from occurring while the user is connected to the VPN (And depending on the exploit vector, even the VPN software may not stop it - the reality is the computer still exists on its local network. It's a best practice because it's a very easy checkbox to check and people are generally stupid.

Both of your presented situations are rendered pointless by the fact that the user is connected to some local LAN immediately before and after connecting to the VPN.