A company I’m applying to as web software tester is requiring me to be on-site so they could put me on their whitelist. However, I had a previous job which allowed me to work anywhere, using only Cisco VPN.
Is on-site whitelisting more secure than using off-site VPN? How so?
From a very basic perspective, yes, being onsite is safer.
The key reason being that there is a smaller attack surface.
If you are connecting in via a VPN, there are numerous additional items which could be attacked (yes, in a perfect world, you would have a secure VPN that couldn't be broken/hacked/misconfigured, but this world is definitely not perfect) so the number of potential exploits increases.
The difference may not be much in a well managed environment, but there are many organisations which still see the increase in risk as too far.
