Before giving access to your company VPN to home users, consultants, vendors, etc., what type of information do you require from them? Do you just *hope* they have virus software, a firewall, their Microsoft patches are up to date, etc., or do you have a checklist of requirements that need to be fulfilled? We have users take screenshots of their anti-virus software (showing latest virus definitions), have them do a full virus scan and take a screenshot of the results, show a screenshot of their operating system and updates, screenshot of their firewall, etc. It seems to me there has to be a better way to capture this information (is this even necessary if we have the necessary security in place on our end?) How do others manage their VPN connectivity for remote users? Thanks.
