I recently completed an audit of VPN users for a site I support. Like any security feature, VPN user account expiry can have unintended consequences. But if that process breaks down, a VPN account expiration date is a safety net that can help keep unauthorized users out of your network.
Sure, a user who gets fired or otherwise loses their right to remotely access the site (say a contractor who’s work is complete) should have their access terminated via normal corporate processes. Look shamefacedly down at your keyboard right now if you don’t set an expiration date on remote VPN users’ access. I expire or delete the accounts the site doesn’t need any more, and I update the expiration date on the keepers.
Auditing your network infrastructure is an important habit to be in for many reasons, security being one of more important ones. One of the audits I perform regularly is of remote access VPN accounts.
0 kommentar(er)
