Virtual Private Network (VPN)

Policy

The use of a virtual private network (VPN) is required when accessing Lullabot's servers, or when accessing client's assets for clients that provide VPNs. A VPN should be always be used when working from unknown or untrustworthy locations, like public networks.

Scope

This policy applies to all Lullabot employees and contractors.

Compliance

1. Critical infrastructure assets will be available only to employees via the Lullabot VPN.
2. Since employees must use Lullabot's VPN to access some internal assets, their devices will be VPN-enabled. This will make it easy to use the VPN when they are working from any untrustworthy location.
3. Some Lullabot clients provide a VPN that is the only way that client assets can be accessed. Employees and contractors working with those clients will not be able to do their work without using the client VPN.

Explanation and Implementation

Lullabot and some of its clients provide VPNs that create secure internet connections from your computer directly to internal servers, which then forwards your traffic out to the internet. A VPN protects your traffic from being intercepted and viewed by any local network device, or even by your ISP.

It is important to understand that this only protects your traffic as it moves from your computer to an internal server. This means that once your traffic leaves the internal server, it is not any more secure than it would have been anyway. The protection is from other users or devices on your local network.

Using the VPN connection also makes all of your internet traffic appear to be coming from a Lullabot server, which means that you can connect from anywhere in the world, and as far as the greater internet is concerned, you look like you are sitting in Newark, NJ. This means that when there are access restrictions on a project, our VPN address can be added to an access control list, and you can connect from anywhere.

Finally, your VPN connection bypasses any local network restrictions. For example, it is not uncommon for public wifi hotspots to block services. By connecting to the VPN, you will automatically bypass any of these network-level restrictions. It is highly encouraged to use the VPN any time you are using public wifi at a coffee shop, airport, hotel, etc. This is especially true if you are using the same computer or other device that you use for work. If in doubt, err on the side of caution and use the VPN.

Instructions on how to connect to Lullabot's VPN are on Dropbox.