Re: [fw-wiz] VPNmadness gets more support;
From: George Capehart (capegeo_at_opengroup.org)
Date: 02/13/05
- Previous message: Mike LeBlanc: "[fw-wiz] A few sql 2000 related questions"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] VPNmadness gets more support;"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] VPNmadness gets more support;"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Paul D. Robertson" <paul@compuwar.net> Date: Sat, 12 Feb 2005 18:45:01 -0500
Paul D. Robertson wrote:
<snip>
>
> "Don't connect" isn't pure drivel, it's the first consideration you should
> make. There is no reason that many operational infrastructure networks,
> like parts of the power grid need to be susceptible to worm traffic when
> they're mostly composed of production embedded systems.
Amen! See this thread on nanog . . . but it's about ATMs . . . ;> :
http://www.cctec.com/maillists/nanog/historical/0301/msg00769.html
<snip>
>
> Along with blanket deployments where VPN access == full network access.
>
> Client to network VPNs should almost always limit access. </blanket
> statement>
Yes! See above for what happens when VPNs aren't terminated into a DMZ
. . .
Cheers,
George Capehart
-- "With sufficient thrust, pigs fly just fine . . ." -- RFC 1925 _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mike LeBlanc: "[fw-wiz] A few sql 2000 related questions"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] VPNmadness gets more support;"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] VPNmadness gets more support;"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
