I've got a bit of a disagreement with a person I work with. I say all devices must be password-protected. He says I don't need to worry too much about an unsecured device on a private network that is only accessible via a VPN. I'm learning about networking and it would be helpful if you could explain the security risks (or not) with this setup:
A user wants to access a device with a private network IP (for example 172.XXX.XXX.XXX) from the internet (From outside the LAN).
The user must log in to a VPN client with two-factor authentication before inputting that IP address in their browser.
There is a firewall that only permits three different IP addresses through to the private network, the VPN being one of them. If the user is not logged in to the VPN there is no access.
What is the possibility of a network intrusion to this device? What sort of attack(s) should I watch out for? Am I right for being worried a device is not password-protected behind these layers of security?
Thank you for your help!
No comments:
Post a Comment