Network access
Let’s go back to the example I mentioned earlier, with the client that was using a compromised endpoint with Always On VPN. In most scenarios, a VPN is a supporting service intended to provide end users with access to internal services and applications that require some layer 3 access to backend data sources.
In terms of providing our end users with access, what options do we have? The most common use cases that users need access to are the following:
- File servers (for access to user/shared storage)
- Active Directory (for authentication traffic from the devices)
- Applications running on the endpoint that require access to some internal data source or application services
- Internal web applications that the users need to access
Providing access to all these services can be easily fixed using a VPN client from the endpoint; however, this means that we still have the same amount of risks. Since the users and the endpoints then have access...
