Re: [fw-wiz] VPNmadness gets more support;

From: ArkanoiD (ark_at_eltex.net)
Date: 02/14/05

Next message: Marcus J. Ranum: "Re: [fw-wiz] VPNmadness gets more support;"

Previous message: Frank Knobbe: "RE: [fw-wiz] Application-level Attacks"
In reply to: Steven M. Bellovin: "Re: [fw-wiz] VPNmadness gets more support;"
Next in thread: Marcus J. Ranum: "Re: [fw-wiz] VPNmadness gets more support;"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Date: Mon, 14 Feb 2005 20:04:13 +0300

I treat VPN as dialup users: uncontrolled external enviroment, though
somehow authenticated. So one should terminate connections on device plugged
into separate segment (small companies may use firewall itself for it) and
enforce some additional restrictions to ensure it does no harm.

Using VPN to create uncontrolled all-to-all netowrk is just insane, i hope
everyone understands that.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Marcus J. Ranum: "Re: [fw-wiz] VPNmadness gets more support;"

Previous message: Frank Knobbe: "RE: [fw-wiz] Application-level Attacks"
In reply to: Steven M. Bellovin: "Re: [fw-wiz] VPNmadness gets more support;"
Next in thread: Marcus J. Ranum: "Re: [fw-wiz] VPNmadness gets more support;"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]