Our primary security suggestion is to make the VPN the only entry point to your network from the Internet. That is, make sure all of your systems are blocked or otherwise inaccessible from the Internet unless outside users connect to it via a VPN. Chapter 2 describes the use of firewalls to do this, and the subsequent implementation chapters go into more detail.
It’s not a good idea to give out VPN access to just anyone. If your organization is undergoing constant change, or you are running a virtual corporation where everybody works from home, you may find it difficult to limit the users who have access. You may want to only allow people who really need remote access to have it. Here are some examples of people who might need remote VPN access:
Traveling sales or marketing people who need access to email and files.
Employees who work from home, or who need access to network servers after hours. Examples might be software developers, testers, documentation writers, or managers. Unless someone is permanently working from home or has a constant need for such access, it might be a good idea to grant them access only while they need the account, such as when they’re ill or unable to come into work. For example, an employee who breaks her leg badly and has to stay at home for several months might still be able to dial in and work.
Network or systems administrators.
We also suggest that you create an acceptable-use policy governing your ...