Question about VPN and network security

[bdhoff]

Recently I was working on a client site helping them with a software implementation. While I was on-site I asked their network admin if I could establish a VPN connection to my office network so that I could use PCAnywere to check email and transfer documents between my office network and my laptop. All I asked for was an internet connection, not a LAN login or anything like that. I was given the internet connection, but was refused the VPN connection because their network admin said that it was a security risk.

On the other side of the equation is the software that I was helping implement was installed on an NT 4 box running Citrix Metaframe and they had clients of theirs logging in over the internet using Metaframe client to access the application remotely. This particular software that I implemented requires read/write access to a local drive on the machine to read and write initialization and parameter files.

What I don't understand and what I could use some clarification on is whether the connection that I requested out of their network was less secure than the inbound connection that they were giving their clients via Metaframe? I didn't have access to any network shares, just a connection to the internet. Their inbound users had access to a machine on the inside of their firewall and potentially had access to their network shares.

When I brought it up to the network admin she just got mad and said that their network setup was none of my business, but I suspect it was because she didn't know what she was talking about. Any ideas?

[Tedob1]

first of all, whenever consultants are called in the local IT staff gets defensive. it dosn't matter if their running windows for work groups, its only human and you should expect that. dont you carry a laptop? youd get a lot better respone by asking for an anolog phone line than you will asking for a tunnel through a firewall, for you only.

Their paying very good money for you to do work there, not for you to check your email. not to mention, your asking for perks from a guy/gal who has more than likely been slighted by his/her company, having called you in. and not trusting their abilities and all that.

[bdhoff]

It isn't that kind of relationship. I've been working with them for 4 years and I have never had this kind of issue before.

[t2k2]

Regardless of the length of time you've been working there, they could still show a certain degree of resentment for you, a contractor, coming from the outside to work on something that they felt qualified to handle on their own. And to answer your question, no, I don't think that your outbound connection would have been any less secure than those inbound Citrix connections. Then again, I don't know much about Citrix other than it being a souped up version of Terminal Services or something to that effect. How did they prevent you from making a VPN connection if you had access to the internet?