This is mostly for my own education, but a scenario has come up at work that has me skeptical. I'd like for the security experts to tell me if this policy is overbearing or not.
I remote into a VPN from my home PC, non-company issued. It installs Aventail onto the machine and destroys all cached data upon log off. It also does some sort of scanning via SonicWall. My question is this: The VPN gives me full network access, which includes the ability to remote into my work PC. The company is now turning this off, citing a huge security risk. Is that really true? If someone already has my login to the VPN and it gives them full network access, isn't that already putting the company into DEFCON 1 mode? Is the whole RDP thing really a major additional risk after that? I'm not really seeing the reasoning behind it, but hopefully someone can shed some light on it.