How do we protect our internal network from a virus that might be on a home computer? We are looking at using the Cisco 800 series VPN router for our at-home DSL users. Our 2 biggest concerns are that the home user might have a virus and, once connected to our internal network, spread the virus. The 2nd is that while the home user is connected to our internal network, can anyone hack into the home user's PC and then be on our network? Anyone have ideas on how to avoid this from happening? Thanks.
Your biggest concern should be the viruses. You can mandate that all employees that connect to the network with a home PC have to have an approved anti-virus system installed and maintained. We actually mandate that the home user install our approved anti-virus solution. We provide the license and the software and thus are able to control the updates, scans, etc. Whenever a user connects to the VPN their definitions will be updated. True, if the user has not connected to the VPN in a while they will fall behind on definitions, but you can also have their antivirus client check for updates on its own once a day (or however often).
Second, you can have a desktop firewall solution installed on the home PC as well to mitigate hackers. I personally recommend not allowing split-tunneling. Whenever a user is on the VPN everything goes through the tunnel (including http traffic). Some reports lately have said that the issue of split tunneling is overblown but I disagree. I know of several Fortune 500 companies that got hacked that way. Someone came in over the Internet through a telecommuter's PC and walked right in. You can cover your bases fairly well but nothing is 100%.
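An added example, not part of the original post: one way to audit a client's routing table for the split-tunneling condition described above, by checking with a longest-prefix match which interface Internet-bound traffic would leave on. The interface names (`tun0`, `eth0`), the addresses and both routing tables are constructed assumptions for the example.

```python
import ipaddress

# Constructed sample routing tables: (destination prefix, egress interface).
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),         # default route forced into the VPN
    ("198.51.100.10/32", "eth0"),  # host route to the VPN gateway itself
    ("192.168.1.0/24", "eth0"),    # home LAN, directly connected
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),         # Internet traffic bypasses the VPN
    ("10.0.0.0/8", "tun0"),        # only corporate prefixes use the tunnel
    ("192.168.1.0/24", "eth0"),
]

# Constructed probe destinations: one public address, one corporate address.
PROBES = ["203.0.113.80", "10.1.2.3"]


def egress(routes, dst):
    """Longest-prefix match: interface a packet to dst would leave on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def split_tunnel_findings(routes, tunnel_if, probes):
    """Return (destination, interface) pairs that would bypass the tunnel."""
    findings = []
    for dst in probes:
        iface = egress(routes, dst)
        if iface != tunnel_if:
            findings.append((dst, iface))
    return findings


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, split_tunnel_findings(table, "tun0", PROBES))
```

An empty result means every probe leaves through the tunnel; any entry is a destination the PC can reach directly while it is also connected to the internal network.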
Thanks for the information. What VPN solution are you using? We are looking at the Cisco hardware products because we are trying to avoid any software on a home PC. We feel that it will be less hassle if the home user has a problem and has the neighbor down the street take a look at it, the software could be altered easier. Also, is there a way that as soon as a VPN user connects the new defs are pushed out before/during the authentication? I also agree with you on the split-tunneling; that just seems like a big hole into our private network. Again, thanks.