Any security value in limiting time of day for VPN?



  • A friend of mine who is a night owl mentioned she frequently has to stop working because her company's VPN shuts down at a certain time every night and comes back on in the morning. She was told this is for "security reasons".

    I have worked in many companies with VPN access and have never encountered this. It seems like a highly questionable practice since it is clearly having a negative business impact and I can't see how it would add any significant security value.

    Is this practice respected in the industry?



  • I have encountered and even configured this. The idea is to reduce the attack surface by only allowing remote access during the time when remote access is expected.

    Your friend is doing something unexpected. And that's OK. The security people should account for and support this (if it is in line with business need - your friend might actually be violating a specific work policy, too, or not, but I've seen business policies like this for various reasons).

    So, yes, this time restriction is normal and it is for legitimate security reasons. But that doesn't necessarily mean that your friend cannot also get a security exception so she can do her work.


Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2