Reasons to disable/delete a VPN account that has been inactive

JManzili · Apr 11, 2017

I am charged with the task of preparing a proposal for my manager and his manager, detailing why a VPN account should be disabled and later deleted, after it has been inactive for a specified number of days (e.g. 90 to 120).

What reasons might be useful to include in my proposal, as I try to convince my managers why this would be a beneficial approach for our financial sector employer? Please include any website links, if any are known and/or available.

Thanks,
Jelani

Ralston18 · Apr 11, 2017

Suggest that you prepare a proposal as best you can and submit that proposal herein for additional comment.

Providing you with reasons etc. seems too much to be a homework assignment. Cannot do homework for you.

Even if it is not homework you still need to follow the same approach.

JManzili · Apr 11, 2017

I didn't ask anyone to write it. Instead, I tried to use this medium/VPN forum for other ideas. Of course, I have my own because I recommended the solution. But, there's nothing wrong with getting the perspective reasoning, of others. Fall back!

Ralston18 · Apr 11, 2017

Fair enough.

What reasons and accompanying support did you initially present?

maitrex · Apr 11, 2017

What kind of a question is this ?

JManzili · Apr 11, 2017

The main reason why VPN accounts should be disabled and/or deleted, after being inactive for a specified number of days, is quite simple. If users of a company are issued company laptops that include a software-based VPN connection method (e.g. Cisco AnyConnect), in the case of a stolen laptop that has not connected remotely via its software-based VPN client in months, a thief will not be able to access network resources because that user's VPN account has potentially been either disabled and/or deleted by that time...due to its long term inactive state.

bill001g · Apr 11, 2017

Only a idiot would let a laptop autoconnect with no password. Most companies that can afford cisco anyconnect clients use single use password tokens systems and/or the would use the domain password. The user would still have to know a password to connect. Since most domain passwords will expire after so many days you would if effect disable the vpn if the user also did not use his domain login.

Pretty much good overall security policy will eliminate the need to take any specific action just on the vpn.

JManzili · Apr 11, 2017

Who said anything about a laptop auto-connecting and no password? I'm familiar with how Cisco AnyConnect works. And, specific actions should be taken on a VPN account...which, though it uses domain credentials in the enterprise, it is a totally separate (remote) access component from logging onto an enterprise network when you're directly tied into it. Every enterprise end-user, is given AD credentials to connect to an enterprise network via a computer directly connected to that network. Not every AD user, is given remote access or VPN capabilities.

Ralston18 · Apr 12, 2017

Probably the strongest arguments to be made for the policy would be derivable from "best practices".

Any number of documents and tutorials available varying with the search criteria (google) being used.

For example:

https://supportforums.cisco.com/discussion/13017751/best-practices

That link presents additional links.

Just googling "VPN Best Practices" may provide some additional ideas and concepts that would be presentable to management. Either directly or with some tailoring to fit your environment and audience.

And you can always expand the search criteria to encompass (as suggested) words such as "VPN Security Policy Cisco" etc..

JManzili · Apr 12, 2017

Thanks, Ralston18

Search

Reasons to disable/delete a VPN account that has been inactive

JManzili

Prominent

Ralston18

Ralston18

Titan

JManzili

Prominent

Ralston18

Titan

maitrex

Prominent

JManzili

Prominent

bill001g

Titan

JManzili

Prominent

Ralston18

Titan

JManzili

Prominent

TRENDING THREADS

Latest posts

Moderators online

Share this page