This questions is somehow connected to this other one, where I asked whether it

Question

This questions is somehow connected to this other one, where I asked whether it was better to have a dedicated VPN machine or to use the built-in VPN feature of the router when connecting from an external network to my home network.

Regardless of what approach is chosen, does it make sense to use a VPN when you are on the same local network of the VPN server?

I mean, obviously it makes more sense to use a VPN when you are on an untrusted network and you want to secure it, but is there any reason why you should force your local traffic through the VPN server even when you are on your local network?

Explanation / Answer

In a corporate environment using a VPN for employees while they are on-site opens up some interesting possibilities. You might be able to organize them by group or role and assign them IPs from certain pools and then build network rules around those ranges. When someone from the Finance department connects, you can only allow their traffic to resources they should be able to access.

A VPN across the internal network would also encrypt all of the traffic from your end-user systems to the VPN device. If you had zero trust in your networking infrastructure (hubs and vulnerable switches where you thought people could be running tcpdump all day long) the VPN might mitigate that weakness (although, an attacker might be able to try all kinds of attacks to impersonate the VPN).

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.