Re: [fw-wiz] worm + VPN + firewall
From: Bennett Todd (bet_at_rahul.net)
Date: 08/18/03
- Previous message: Martin Peikert: "Re: [fw-wiz] Blocking MS Blaster"
- In reply to: Paul Robertson: "Re: [fw-wiz] worm + VPN + firewall"
- Next in thread: lordchariot_at_earthlink.net: "RE: [fw-wiz] worm + VPN + firewall"
To: firewall-wizards@honor.icsalabs.com
Date: Mon, 18 Aug 2003 09:42:18 -0400

2003-08-18T07:11:43 Paul Robertson:
> Let's face it- VPNs should be more restricted than internal users
> for most, if not all implementations.

When using VPNs for remote access, the above statement is certainly
dead on target.

I think VPNs are a very poor choice for remote access, as is direct
unencrypted ppp dialin. Anything extending IP connectivity from the
company net to users' home systems is fraught. Remote access is best
delivered via thin clients; ssh (configured to block all
forwarding) for people who work shell, web portals for the rest, all
with suitable token auth (SecurID or Opie have worked well for me).

VPNs on the other hand are often a reasonable choice as an
alternative to a leased line for branch offices; in that context,
firewalling the VPN termination is no more or less appropriate than
any other balkanizing of the internal net.

-Bennett
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
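
The message above recommends ssh "configured to block all forwarding" for shell users. The following is an added example, not part of Bennett Todd's message: a small audit that reports which forwarding features the global section of an OpenSSH sshd_config still permits. It assumes OpenSSH keyword names and the defaults documented in sshd_config(5), stops at the first Match block, and the sample configs are constructed.

```python
# Added example (not from the original post): audit the global section of an
# OpenSSH sshd_config for forwarding that is still permitted.
# Defaults below are the ones documented in sshd_config(5).
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
    "allowstreamlocalforwarding": "yes",
    "x11forwarding": "no",
    "permittunnel": "no",
    "disableforwarding": "no",
}
# Features the man page lists as covered by DisableForwarding. PermitTunnel is
# checked on its own here, which is the conservative reading.
COVERED = {"allowtcpforwarding", "allowagentforwarding",
           "allowstreamlocalforwarding", "x11forwarding"}

def effective_settings(text):
    """Return the effective value of each forwarding keyword (first one wins)."""
    seen = {}
    for raw in text.splitlines():
        # Drop comments, accept "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks are out of scope
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].strip('"').lower()
    return {**DEFAULTS, **seen}

def forwarding_left_open(text):
    """List forwarding keywords whose effective value is anything but 'no'."""
    eff = effective_settings(text)
    blanket = eff["disableforwarding"] == "yes"
    return [k for k in sorted(DEFAULTS)
            if k != "disableforwarding"
            and not (blanket and k in COVERED)
            and eff[k] != "no"]

# Constructed sample configs, not taken from any real host.
STOCK = "PasswordAuthentication no\nX11Forwarding yes\n"
LOCKED = "DisableForwarding yes\nPermitTunnel no\n"
EXPLICIT = ("AllowTcpForwarding no\nAllowTcpForwarding yes\n"
            "AllowAgentForwarding no\nAllowStreamLocalForwarding no\n")

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("locked", LOCKED), ("explicit", EXPLICIT)):
        print(name, forwarding_left_open(cfg) or "no forwarding permitted")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check, since it also accounts for Match blocks and included files that this sketch ignores.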