My recommendation is that the company have a policy that people not be allowed to use privately-owned computers to connect via VPN or to login directly on the network. If, for financial reasons, the company wants people to use their own computers, then the company should buy AV licenses for those users and "certify" the computers before allowing them to connect. That is the state of the art and the best we can do today.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
My recommendation is that the company have a policy that people not be allowed to use privately-owned computers to connect via VPN or to login directly on the network. If, for financial reasons, the company wants people to use their own computers, then the company should buy AV licenses for those users and "certify" the computers before allowing them to connect. That is the state of the art and the best we can do today.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
To add to what Bob said (he's correct)... make sure you have IPS configured to watch traffic from those connected networks... the IPS has caught things before at several of my customer sites that has directed us to look at a rogue remote client.
CTO, Convergent Information Security Solutions, LLC
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
