cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1672
Views
0
Helpful
4
Replies

What do people do with third party VPN access

carl_townshend
Spotlight
Spotlight

Hi All

What do people do regarding third party VPN access to their network, if we have people connecting with no agents etc, how can we enforce polices etc?

Is there certain things people check for etc for third party compliance?

cheers

4 Replies 4

thomas
Cisco Employee
Cisco Employee

Carl can you define what you mean for "third party compliance"? A specific example would be helpful.

For example,

We have third party support companies access our systems for support etc, we lock these down via our ASA to specific servers etc, but how do we know they are running AV and a patched pc?

what if the third party will not let us put a client on their pc?

how would we go about this? what does everyone else do?

Thank you - that helps clarify... I thought you were asking about other networking vendors' VPN/Firewalls with ISE!

I'd say these are your options:

1) lock down their VPN access with ACLs to only the specific services (hosts & ports) as you are doing

2) give them one of your corporate laptops with your approved/required software, anti-malware, etc.

3) virtual desktops

 

Hi,

   

    If you don't ave control over the remote PC's, you first restrict their access at the IP level (ACL or VPN filter), and after decryption you take the traffic as untrusted; so you integrate it within your company's threat detection architecture; you have an inline NGFW/IPS to detect layer4-7 attacks; you have your SOC monitoring the events and taking actions.

 

Regards,

Cristian Matei.