RE: Opinions required - GoToMyPc.com

From: Schouten, Diederik (Diederik) (dschout@lucent.com)
Date: 09/05/02


From: "Schouten, Diederik (Diederik)" <dschout@lucent.com>
To: "'Calhoun, Heath'" <CalhounH@gsci.state.ms.us>, Jonathan Kimpson <Jonathan.Kimpson@iteba.com>, security-basics@securityfocus.com
Date: Thu, 5 Sep 2002 11:27:01 +0200 


How does the VPN Concentrator provide access in the likes of PC-Anywhere to
the clients PC's?

They already have a IPSec Client VPN solution on the FW-1, running
PC-Anywahere through it :)

A agree that putting the control of your hosts in the hands of a 3d party is
quite risky.
But that is just a trust thing...

Bigger issue would be, what if their servers are unavailable, that would
mean your remote users cannot use your network.

I'd say, stick with your current solution.
Although you need 2 systems to do it, and it is not as flexible as the Java
solution from GoTomypc, it is secure enough, relatively cheap, and
completely in your control.

Greetings,

        Diederik

> -----Original Message-----
> From: Calhoun, Heath [mailto:CalhounH@gsci.state.ms.us]
> Sent: Wednesday, September 04, 2002 17:45 PM
> To: Jonathan Kimpson; security-basics@securityfocus.com
> Subject: RE: Opinions required - GoToMyPc.com
>
>
> Definitely more expensive, but much more secure would be the Cisco VPN
> concentrator.
> If you have the money, I'd go with the concentrator. Not
> only is it more
> secure, but
> YOU have COMPLETE control over it, users and what they do.
> You may have to
> setup access-lists
> or conduits in your firewall for the specific system the user
> needs access
> to. You
> can also setup where the user is either static or dhcp.
> GOToMyPC is secure, but the concentrator is more secure. It
> also kills any
> active
> internet app on the end users pc as part of the concentrators client
> included firewall.
> Another drawback, is if their server is down, then what?
> What if their
> server gets or
> is hacked? Then what? Also, what information does this
> service collect
> about the
> target pc?
>
> Heath Calhoun
>
> -----Original Message-----
> From: Jonathan Kimpson [mailto:Jonathan.Kimpson@iteba.com]
> Sent: Tuesday, September 03, 2002 11:19 AM
> To: security-basics@securityfocus.com
> Subject: Opinions required - GoToMyPc.com
>
>
> My MD has put this in front of me as a method for allowing access to
> dedicated pcs in either our LAN (!) or DMZ.
>
> Has anyone got any experience in running this service?
> Any pitfalls?
> Any huge holes?
> The service depends on a central server to authenticate the
> connections and
> common sense tells me not to trust without good references
> and testimonials.
>
> The thought of having access to our LAN does put me off- I'm
> going to have
> to come up with ways of monitoring and controlling this
> traffic on our FW-1.
>
> Does anyone run this product in an enterprise environment? We
> have provided
> remote access for others using Securemote by Checkpoint and
> PCanywhere but
> the simplicity of this product attracts our less than techie bosses.
>
> Thanks in advance
>



Relevant Pages

  • Re: Remote accessing file shares problem
    ... Since I don't have controll/access to the concentrator, ... Did the Cisco client has the similar function as MS VPN client that "Log ... In the Configuration of the Dialup Connection (the VPN Connection) ...
    (microsoft.public.windows.server.networking)
  • Re: Another RWW versus VPN question
    ... A Pix does not ...by itself make you more secure. ... VPN "can" make you more insecure. ... I have a client that recently had a programmer from a large security based ...
    (microsoft.public.windows.server.sbs)
  • Another RWW versus VPN question
    ... I have a client that recently had a programmer from a large security based ... His solution is a PIX firewall and VPN access. ... Is a VPN tunnel more secure that SSL? ... secure than having a hardware device authenticate? ...
    (microsoft.public.windows.server.sbs)
  • Re: Opinions required - GoToMyPc.com
    ... Before investing in a Cisco VPN concentrator, thinking it's some panacea, ... > GOToMyPC is secure, but the concentrator is more secure. ... > Another drawback, is if their server is down, then what? ...
    (Security-Basics)
  • Re: Another RWW versus VPN question
    ... I have a client that recently had a programmer from a large security based company come by and demo the Access database he is working on for them. ... During the meeting he tells the employee that hired him and the owner of the company that the current system is not very secure and that he would never trust Microsoft to be responsible for the security of remote access. ... I have been researching on the web and newsgroups but haven't found anything that gives me any concrete info on RWW versus VPN besides RWW not allowing full access to the network like VPN. ...
    (microsoft.public.windows.server.sbs)