I supported workers both at home and in the field at a manufacturing company for over a year. Mostly sales reps, some engineers. They were primarily using company-issued computers, mostly laptops, some desktops, though many workers used their own PC's to work from home after-hours. The company had PPTP set up with Active Directory. That was pretty much the extent of our security, other than antivirus. No radius server.
There were numerous weaknesses with that setup.
One was PPTP, often considered a less-than-ideal VPN setup. And then a lot of these guys were bringing in their company-owned PC or laptops chock full of spyware. Spybot picked up 1900+ pieces of spyware on one sales reps computer. The guy acted like it was no big deal, but I thought it was a personnel issue and suggested so. I was PO'ed with the user's nonchalance. Another user, a field engineer, was having problems left and right with his laptop, I got it in and found it full of warez. Again, a personnel issue. And of real concern, to me anyway, was the amount of users who were onsite in China and to what extent they were subject to packet sniffing there. But that wasn't my department...
