RE: [fw-wiz] risk level associated with VPNs?

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 02/12/05

  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals" 
    To: Michael Surkan <msurkan@windows.microsoft.com>
Date: Fri, 11 Feb 2005 19:38:51 -0500 (EST)

    On Sun, 6 Feb 2005, Michael Surkan wrote:

    > Perhaps one solution to reduce VPN risk levels is simply not to use them
    > in the first place. A lot of organizations are now making the
    > applications their users need available over the directly over the
    > internet with web browsers (e.g. e-mail).

    Depending on the threat level, that can be more disasterous...

    > Isn't it preferable to give users access to e-mail, or other common
    > apps, by web-proxy and only give VPN accounts to a handful of
    > administrators? Taken to its extreme, maybe tunneling IP traffic over
    > VPNs can be done away with altogether.

    No, it's preferable to restrict VPN access to certain systems/applications
    and concentrate the "do it right" bits on the VPN's exposure. The
    alternative is having *every* application written correctly to resist
    attack, and we all know how successful that isn't.

    > Is this a goal administrators should strive for?

    No, administrators should strive to reduce their risk. Just because worm
    infested desktops are a major issue doesn't mean you should open all of
    your applications to anonymous attack!

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals"

    Relevant Pages

    • Re: Crackpot vacation?
      ... physics that seems to have embarrassed even himself. ... now Paul, what you just said is CLEARY a relativistic ... from physics to evolution (know any good applications of evolution ... Don't complain to the RECIPIENT ...
      (sci.physics)
    • Re: Visual Basic 2005
      ... Sorry Paul but I have pick you up there when you say "...have chosen to...". ... I'm certainly not suggesting that you completely drop your Classic VB development investment. ... haven't as I still need to support or ultimately migrate existing applications. ... be a benefit in the long run because we're more productive in the .NET environment. ...
      (microsoft.public.vb.general.discussion)
    • [ANNOUNCE] PyGTK 2.15.1 - unstable
      ... A new unstable development release of the Python bindings ... GTK+ is a toolkit for developing graphical applications that run on ... it can be used to write full featured Gnome applications. ... autocreate from Git history (Paul) ...
      (comp.lang.python.announce)
    • new network application running
      ... At startup, an UDP packet is sent to signal a new ... application to running applications. ... Each running application then try to connect to the UDP sender. ... a new request came: it should work through a VPN. ...
      (microsoft.public.win32.programmer.networks)
    • Re: Networking with XP pro
      ... When you post output from ipconfig and pslist, copied from Notepad, please ... turn off Word Wrap before selecting and copying the text. ... Applications: ... BTW, Paul, please don't contribute to the spread and success of email address ...
      (microsoft.public.windowsxp.network_web)