Re: [Full-Disclosure] CISCO Vpn

From: Ron DuFresne (dufresne_at_winternet.com)
Date: 06/23/04

  • Next message: Harlan Carvey: "Re: [Full-Disclosure] CISCO Vpn"
    To: Patrick Olsen <polsen@westchestercapital.com>
    Date: Wed, 23 Jun 2004 10:51:52 -0500 (CDT)
    
    

    On Wed, 23 Jun 2004, Patrick Olsen wrote:

    > I have been asked what the PROs and CONs of setting up a vpn would be. I'm
    > trying to find security pros and cons. Basically to find out if it is worth
    > the risk. This individual would be using a desktop at home which we would be
    > setting up for her.
    >

    The main problem with a vpn tunnel for workers from home is keeping them
    from messing with the system and changing the defaults established, and
    making sure the security policy on the machine remains as high as the policy
    for the corp network. Things like having the AV sigs up to date, no split
    tunneling such that the user can irc while tunneled back into work, etc.
    The main risk is in providing nothing more than a secure tunnel for all the
    home user's nasties to travel back into the corp network. It's estimated
    that at least 75% of vpns in place for this kind of use are nothing more
    than that.

    Thanks,

    Ron DuFresne
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

