× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Ray,

I'm not exactly sure what you're fishing for... I'll start at the end:

"Please don't say we need to depend on our firewalls and building security because we all know both of these items can be hacked."

Now I'm not responsible for security, so perhaps I'm dead wrong, but firewalls for the network and building security are in fact the first two lines of defense in terms of penetration of corporate security. These are two of the most fundamental requirements for site security. The fact that they can be hacked is a RISK, and as such should receive additional attention to mitigate the risk. Common strategies for mitigating these risks on the network is to require regular password changes, mixed case/numeric/symbol passwords, multi-factor authentication (user/pw + RSA key pin hash), biometric authentication, etc. For building security, we have RFID badges with photo, security guards on site at building entrances, video surveillance, and so forth. Some of these defenses are active, some passive. None are completely fool-proof, but when paired with other defenses, are quite thorough...

Risk mitigation is NOT about eliminating risk completely, as this would be both expensive and, ultimately impossible. It's about managing risk, while still meeting the needs of the organization.

Now, as to the specific risk of using a VPN connection to access Remote Desktop, I cannot say. Perhaps you could elaborate on what your concerns might be...

-Eric DeLong


-----Original Message-----
From: wdsci-l-bounces@xxxxxxxxxxxx [mailto:wdsci-l-bounces@xxxxxxxxxxxx] On Behalf Of Ray Rhyno
Sent: Monday, February 25, 2013 6:44 AM
To: Rational Developer for IBM i / Websphere Development Studio Client for System i & iSeries
Cc: wdsci-l-bounces@xxxxxxxxxxxx
Subject: Re: [WDSCI-L] RD Power 8.5.1 image on IBM SmartCloud Enterprise

Just chiming in here as a Security consultant. Has anyone thought through
the companies policy about logging into a logged in desk top at the office
if no one is at the fiscal desktop or location. What are the chances of a
hacker hi-jacking the PC. I bet the VPN doesn't go directly to the PC. VPN
usually only goes as far as the companies internal network. Making an
active PC fair game to hack if the network is penetrated.

I'm talking out loud and looking for solutions so please don't shoot this
down without thinking about it and if you can provided a valid solution.
The solution is going to be important for everyone. Please don't say we
need to depend on our firewalls and building security because we all know
both of these items can be hacked.

Ray

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.