RE: [fw-wiz] risk level associated with VPNs?

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 02/12/05

  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals"
    To: Michael Surkan <msurkan@windows.microsoft.com>
    Date: Fri, 11 Feb 2005 19:38:51 -0500 (EST)
    
    

    On Sun, 6 Feb 2005, Michael Surkan wrote:

    > Perhaps one solution to reduce VPN risk levels is simply not to use them
    > in the first place. A lot of organizations are now making the
    > applications their users need available over the directly over the
    > internet with web browsers (e.g. e-mail).

    Depending on the threat level, that can be more disasterous...

    > Isn't it preferable to give users access to e-mail, or other common
    > apps, by web-proxy and only give VPN accounts to a handful of
    > administrators? Taken to its extreme, maybe tunneling IP traffic over
    > VPNs can be done away with altogether.

    No, it's preferable to restrict VPN access to certain systems/applications
    and concentrate the "do it right" bits on the VPN's exposure. The
    alternative is having *every* application written correctly to resist
    attack, and we all know how successful that isn't.

    > Is this a goal administrators should strive for?

    No, administrators should strive to reduce their risk. Just because worm
    infested desktops are a major issue doesn't mean you should open all of
    your applications to anonymous attack!

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals"