Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Virus from home users using VPN

How do we protect our internal network from a virius that might be on a home computer? We are looking at using the Cisco 800 series VPN router for our at home DSL users. Our 2 biggest concerns are that the home user might have a virus and once connected to our internal network spread the virus? The 2nd is that while the home user is connected to our internal network can anyone hack into the home user's pc and then be on our network? Anyone have idea's on how to avoid this from happening. Thanks.


Re: Virus from home users using VPN

Your biggest concern should the viruses. You can mandate that all employees that connect to the network with a home PC have to have an approved anti-virus system installed and maintained. We actually mandate that the home user install our approved anit-virus solution. We provide the license and the software and thus are able to control the updates, scans, etc. Whenever a user connects to the VPN their definitions wille be updated. True, if the user has not connected to the VPN in a while they will fall behind on definitions but you can also have their antivirs client check for updates on it;s own once a day (or however often)

Second, you can have a desktop firewall solution installed on the home PC as well to mitigate hackers. I personally recomend not allowing split-tunelling. Whenever a user is on the VPN everything goes through the tunnel (including http traffic) Some reports lately have said that the issue of split tunneling is overblown but I disagree. I know of several fortune 500 companies that got hacked that way. Someone came in over the Internet through a telecommuters PC and walked right in. You can cover your bases fairly well but nothing is 100%

Anything else

New Member

Re: Virus from home users using VPN

Thanks for the information. What VPN solution are you using? We are looking at the Cisco hardware products because we are tring to avoid any software on a home PC. We feel that it will be less hassle if the home user has a problem and has the neighbor down the street take a look at it, the software could be altered easier. Also is there a way that as soon as a VPN user connects the new def's are pushed out before/during the authentication. I also agree with you on the split-tunelling that just seems like a big hole into our private network. Again thanks.

CreatePlease login to create content