RE: [fw-wiz] VPN concentrators

From: R. DuFresne (dufresne@sysinfo.com)
Date: 08/27/02


From: "R. DuFresne" <dufresne@sysinfo.com>
To: Crispin Harris <Harris_C@DeMorgan.com.au>
Date: Tue Aug 27 21:35:21 2002

On Wed, 28 Aug 2002, Crispin Harris wrote:

        [SNIP]

>
> My personal preference is to have a policy enforcement system between the
> VPN Terminator and the internal networks. This is mostly because I don't
> trust that the traffic INSIDE the VPN is as clean as it cold be. Much of
> this is because I am a paranoid SOB, who is aware that the easiest (and
> often cheapest) ways to break a network are _NOT_ through the firewall:
> - Steal the CEO/CFO/CTO's laptop.
> - Break-in to the CEO/MIS' house and use the "Fully Authenticated,
> Encrypted" VPN.
> - Bribe the secretary.
> - Break in to a partner organisation who has a useless firewall/VPN
> security setup.
>

These days, there's perhaps one more area even less secure and a better
route for attacking;

The wireless network. It's often fully exposed and unencrypted, even in
those environments that know better from the wired end. And, one can gain
in places totally free and annonymous wireless access into the internet
from which to probe and attack others from, but, this is an additional
side issue to the wirelss side attack on a company...

Thanks,

Ron DuFresne

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!


Relevant Pages

  • RE: Missing web services configuration pane
    ... Please contact the ISP to confirm what the exact connection type is. ... If it's a VPN type, you should have the VPN server side address. ... 825763 How to configure Internet access in Windows Small Business Server ... 241252 VPN Tunnels - PPTP Protocol Packet Description and Use ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Issue
    ... 317025 You Cannot Connect to the Internet After You Connect to a VPN Server ... | first done with a standard usb broadband modem on XP Professional. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Error code 800 HELP!
    ... Can you visit Internet and OWA on SBS server? ... Just one PC get error code 800 connecting VPN connecting to SBS? ...
    (microsoft.public.windows.server.sbs)
  • Re: Using a home T-1 line to evade company filtering
    ... > You have to understand one simple thing - A COMPANY NETWORK BELONGS TO ... > wants to - there is not promise of internet service just because you are ... Should the standards of Wireless Signal Levels be ... >> really take much of an issue with you loggin in via VPN, ...
    (comp.security.firewalls)
  • Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
    ... I have only heard about VPN and never tried it. ... drive and access it through the internet after you established VPN connection? ... We can do VPN in windows xp to windows xp machine right and it does not have ... Logging onto a server is not nearly as serious as logging ...
    (microsoft.public.windows.server.active_directory)