Re: Remote Users

From: dewt (dewt@kc.rr.com)
Date: 08/12/01 

From: dewt <dewt@kc.rr.com>
To: "Gillard, Paul" <paul.gillard@radioscape.com>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
Subject: Re: Remote Users
Date: Sun, 12 Aug 2001 10:50:53 -0500
Message-Id: <01081210505300.01308@monoceros.pretzel.myip.org>

On Friday 10 August 2001 03:33 am, Gillard, Paul wrote:
> Hi,
>
> I'm in the process of securing my companies network and have a query. As we
> are directly connected to the internet via a 2mb I have installed a
> firewall and allowed only SMTP & VPN in. I've also blocked netbios ports
> from going out. I've introduced a procedure of updating servers with the
> latest security patches as they are released. Virus's are taken care of by
> a virus & content scanner on the SMTP server and AV software on all PC's
> automatically updated as new virus's are found. Home based users have VPN
> connections from a hardware firewall on there ADSL connections with
> reporting sent to a log server on the central LAN. I think I'm reasonably
> well covered apart from one point :- I have a number of users (salesmen)
> who VPN into the main network via the firewall using dial-up connections
> (128 bit), AFAIK while these are connected to the internet they're
> available to any hacker. Am I being paranoid or is this a weak link, if so,
> what can I do to plug it?
>
I'd say you're pretty well set up, i would only recommend one thing, have the
virus scanner for the vpn users as well(if you're not already doing that),
your greatest risk appears to be a virus/trojan/whatever coming over that
from the home users' unclean machines. as for the vpn being weak, as long as
it's encrypted at all it's very unlikely a hacker would take the time to
bother with it from that angle (they'd have better luck taking on the
firewall)

Relevant Pages

  • RE: Firewalls on VPNs - Best Practice Advice
    ... Please help me know if you want to make the IT person manage the remote DC ... | previously been advised that Firewalling VPN ... | connections is not recommended, I've turned off Windows Firewall ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: VPN and XP SP2 woes
    ... XP firewall is turned off globally. ... Per the SOP from my employer, to set up VPN connections into their network, ... >> rights. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Enable firewall on ISPs VPN?
    ... >LAN card and the VPN. ... > However if I only enable the firewall on the real LAN card, ... >server connections and 'bad' activity like inbound ping/ICMP requests. ...
    (comp.security.firewalls)
  • Re: cant access server via remote desktop
    ... > into the Remote Desktop window when attempting to connect. ... >> while on the VPN is "The client could not connect to the remote computer. ... >> Remote connections might not be enabled or the computer might be too busy ... >> when I am not on the VPN and am inside the firewall. ...
    (microsoft.public.windows.server.networking)
  • Re: Industry Standard Security and guest wifi access best practice
    ... with IPSEC VPN clients has not been positive. ... Then they probably won't support other forms of security. ... to switch all connections into SSL mode. ... Use WPA to encrypt wireless traffic, ...
    (alt.internet.wireless)