Chapter 40. VPNs Usually Decrease Security

The basic idea of a VPN (virtual private network) is that people with the right credentials can get access to resources over the Internet that normal people can’t see at all. What generally happens is that a machine connects to a VPN server and authenticates. That machine can then see both the Internet and the private network.

For example, many companies allow their employees to check work email from outside the office, but only if they VPN in. If an employee VPNs in, and that employee’s machine is infected, the bad guy on that machine suddenly can see a bunch of internal machines that just weren’t visible before. Heck, maybe the bad guy will even commission some malware targeted to his victim’s firm and its specific environment.

People get themselves infected. Why put your corporate network at unnecessary risk, just to give people access to email? Just outsource your email to a SaaS provider. Or run your own mail infrastructure, but lock it down really tightly in case there is a security flaw in the software.

VPNs made a lot of sense when most of the services people wanted to use didn’t use strong authentication and all of a company’s services ran on one network and had access to one another. But the world’s not like this anymore. Most of the services corporate citizens use have strong authentication available, and you can either have that stuff hosted or otherwise segregate things far better than you could even five years ago.

Plus, VPNing is generally pretty ...
