
Ask HN: How does your company manage remote working security? - swadizand
Hi all,<p>I guess most of the people out there working remotely nowadays. But how does your company make sure it&#x27;s remote working infrastructure is secure enough?<p>I guess most of the people would answer this as &#x27;plain VPN&#x27; but I hope there are more paranoid companies those also care about: physical security, home router configurations, enforced OTP&#x27;s, secure communication channels, full disk encryption etc.<p>What is your company&#x27;s paranoia level - and what they do?
======
cpach
If you’re interested in the state of the art, have a look at this:

[https://www.beyondcorp.com/](https://www.beyondcorp.com/)

[https://cloud.google.com/beyondcorp](https://cloud.google.com/beyondcorp)

[https://tailscale.com/](https://tailscale.com/)

[https://github.com/slackhq/nebula](https://github.com/slackhq/nebula)

~~~
abda0180
Tailscale is what we have been looking for. It looks like a huge upgrade
compared to outsourced boilerplate OpenVPN.

~~~
npiit
Unfortunately it's an unbearably buggy piece of software. Cloudflare has
better and even cheaper offerings than this amateurish product.

~~~
abda0180
Thanks for letting me know. I've signed up and tried to get it working as a
substitute for our corporate VPN. But i couldn't get it to work.

The landing page is pretty neat, but the user interface is buggy - and not
that intuitive.

I'll test out Cloudflare!

------
giantg2
Full disk encryption, VPN with RSA token, voice and video through the VPN, and
monitoring software.

I'm not sure what they could do about the home router config or physical
security.

~~~
swadizand
Monitoring software... Is it like those that can power-on webcam as well?
Agent, I mean.

~~~
giantg2
I assume they can. I think they record keystrokes and fo screen captures etc.

------
babytwitter
'Plain VPN' unfortunately. But securing vpn credentials nicely wouldn't be
enough?

~~~
swadizand
VPN is a nice practice, yeah, but is it your own VPN or from a commercial VPN?

Also I think it's never enough. A bad guy makes you got a virus; logs your key
presses and steals the vpn config, and bam, he is inside the company!

The way he must pass to get into company network have to be much more longer
and complex.

