Chapter 6. Educating the User
SSL VPNs provide a mechanism to communicate securely between two points with an insecure network in between them. Yet, there is no technology on the planet that will totally protect computing operations on its own. End users need to be security-conscious if the security technology is to do its job.
Think about your own organization. Can someone call a user on the phone, profess that he or she is from the 'help desk' and ask for a username and password? In most cases, such a call will not happen, but if it was made, would anyone in your organization actually give their credentials to the caller? If they did, the entire expensive authentication infrastructure you have in place would be undermined.
A combination of solid technology and an educated end user is necessary for security. We have already covered the technology used to secure SSL VPNs; now we address end-user training.
The next section discusses formal training plans; people from organizations that already...
