RE: [fw-wiz] worm + VPN + firewall

From: Ames, Neil (NAmes_at_anteon.com)
Date: 08/15/03

  • Next message: Steve Evans: "RE: [fw-wiz] worm + VPN + firewall"
    To: "Mordechai T. Abzug" <morty@frakir.org>, <firewall-wizards@nfr.com>
    Date: Fri, 15 Aug 2003 09:49:54 -0400
    
    

    Morty,
            I agree, but I see some bigger problems. Are you hoping to protect from all VPNs, to include SSL? What about other avenues for infection? A mobile user who traverses the perimeter with an infected machine is the equivalent problem. You need absolute policy compliance or absolute control of the network for that kind of protection. Kind of hard. That's why the AV vendors are coming out with pretty good host-based firewalls tacked right onto the AV utility. That's why Microsoft made a point of telling their customers, in the reaction to Blaster, to look into filtering by ports on every host. I *do* look forward to some juicy VPN infection stories, but to bolster the greater security arguments, not just firewalling VPN end-points (with which I agree).

    Thank you,

    Fritz

    -----Original Message-----
    From: Mordechai T. Abzug [mailto:morty@frakir.org]
    Sent: Wednesday, August 13, 2003 7:30 PM
    To: firewall-wizards@nfr.com
    Subject: [fw-wiz] worm + VPN + firewall

    Has anyone had a user's external Blasterized system that VPNd past a
    firewall and compromised an internal network? It would be nice to
    have concrete examples for the "VPNs should terminate outside
    firewalls" argument.

    - Morty
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

