RE: DMZ and VPN
From: John Tolmachoff (sflist-secbasic@reliance.net)
Date: 02/18/03
- Previous message: Vince Dang: "RE: Law office recommendations?"
- In reply to: Security Manager: "DMZ and VPN"
- Next in thread: abretten@kroger.com: "Re: DMZ and VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "John Tolmachoff" <sflist-secbasic@reliance.net> To: "'Security Manager'" <sec_man1234@yahoo.com>, <security-basics@securityfocus.com> Date: Tue, 18 Feb 2003 09:29:45 -0800
> How do you solve that one?
By using a firewall in addition to RRAS. RRAS only determines what packet
goes where. You still need to filter and check those packets.
This is one of my complaints of allowing RRAS to create an VPN endpoint. It
can give someone a false sense of security. If the RRAS server becomes
compromised, so is the VPN traffic as well as the network behind the VPN
endpoint.
IMO, using RRAS as a VPN endpoint should not be used in conjunction with a
DMZ zone, only behind a firewall.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
- Next message: blaxes: "RE: Web Log Analyzer"
- Previous message: Vince Dang: "RE: Law office recommendations?"
- In reply to: Security Manager: "DMZ and VPN"
- Next in thread: abretten@kroger.com: "Re: DMZ and VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
