RE: [fw-wiz] risk level associated with VPNs?

From: Paul D. Robertson (
Date: 02/12/05

  • Next message: "RE: [fw-wiz] i-cap proposals"
    To: Michael Surkan <>
    Date: Fri, 11 Feb 2005 19:38:51 -0500 (EST)

    On Sun, 6 Feb 2005, Michael Surkan wrote:

    > Perhaps one solution to reduce VPN risk levels is simply not to use them
    > in the first place. A lot of organizations are now making the
    > applications their users need available directly over the
    > internet with web browsers (e.g. e-mail).

    Depending on the threat level, that can be more disastrous...

    > Isn't it preferable to give users access to e-mail, or other common
    > apps, by web-proxy and only give VPN accounts to a handful of
    > administrators? Taken to its extreme, maybe tunneling IP traffic over
    > VPNs can be done away with altogether.

    No, it's preferable to restrict VPN access to certain systems/applications
    and concentrate the "do it right" bits on the VPN's exposure. The
    alternative is having *every* application written correctly to resist
    attack, and we all know how successful that isn't.

    > Is this a goal administrators should strive for?

    No, administrators should strive to reduce their risk. Just because worm
    infested desktops are a major issue doesn't mean you should open all of
    your applications to anonymous attack!

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    firewall-wizards mailing list
