Chile Forum

Hi all. Thought I'd throw this out to the forumites, many of whom tend to be technically savvy and knowledgeable about internet security.

My question is about potential security risks when accessing my office network and client applications while in Chile.

Here's some background:

I work remotely in the US for the company - They are based in NY state and I'm in MD. For access to the office network I VPN in. When that's problematic, I send them my IP address and they add it to their firewall exceptions list so I can at least get to all applications.

Less than 2 years ago I did work from Chile in this way without a problem.

Since then, they've taken on some clients that are ultra-paranoid about sensitive information being accessed by non-authorized users. This has resulted in a "new policy" which says no client app can be accessed outside of North America.

Honestly, what I'm looking for is some information that may let them allow me to work from Chile. I always thought the main security risks presented themselves as soon as you allowed people to access a network remotely - whether from within the US or elsewhere. So accessing it from Chile rather than MD wouldn't really increase the risk by all that much. I could understand that certain countries could carry more risk, but Chile doesn't seem like it would be on that list.

The sensitive information we're talking about here are things like Social Security Numbers. Nothing financial.

I was also hoping there might be someone on here with a similar situation and, if you were able to work from Chile, tell me what measures you were able to take that eliminated/minimized these security risks? Thanks!

technically you could get around the problem using proxys and vpns..... but really, its company policy.... you have political issues, you would need to talk to the powers and ask for an exemption......

there is no security risk if you are using the right technology.......

It is no more insecure than accessing it remotely from the states. In fact, I would urge them to get their data out of the States if they are really worried about it.

Thanks for the quick responses so far.

Agreed about the company policy. Any information I can gather that would help my case will certainly be presented to the powers that be.

Our network guy is fresh out of college, so he may not be fully aware of exactly HOW it would increase security risks, if at all. Our prez tends to make kneejerk reactions and blanket policies as well, so he probably just gave the directive w/o any real research.

I'm more interested in "the right technology" if Zeronz or any others would care to elaborate.

bones wrote:Thanks for the quick responses so far.

Agreed about the company policy. Any information I can gather that would help my case will certainly be presented to the powers that be.

Our network guy is fresh out of college, so he may not be fully aware of exactly HOW it would increase security risks, if at all. Our prez tends to make kneejerk reactions and blanket policies as well, so he probably just gave the directive w/o any real research.

I'm more interested in "the right technology" if Zeronz or any others would care to elaborate.

A security audit and recommendation will set you back $US25,000 ,

There are many technologies you can use, but it all depends on the way you operate your business and the systems you have....

For example, we use RDP to deliver our applications, so therefore the only data that leaves the site is the way of the screenshot, if you use RDP over VPN and disable printing and file copying you pretty much secure the whole system, only way of stealing info is by way of screenshot, and that would take along time screen by screen....

You can always use more intellgent VPN solutions that scan the connecting client for threats and if they exist not allow the connection..

Encrypted VPN many many to chose from.

Thanks. This will give me a good start.

If I can't convice them, are you looking for anyone to help you with those security audits Zer0nz?

bones wrote:Thanks. This will give me a good start.

If I can't convice them, are you looking for anyone to help you with those security audits Zer0nz?

hahaa, you can get them a dime a dozen on groupon these days , if only chileans would care enough to want advice like that! could make a fortune!