Re: Home users with VPN connections

From: camthompson (camthompson@shaw.ca)
Date: 03/14/03

  • Next message: Robinson, Sonja: "RE: HIPAA certs"
    Date: Fri, 14 Mar 2003 10:16:42 -0700
    From: camthompson <camthompson@shaw.ca>
    To: security-basics@securityfocus.com
    
    

    Jonathan Grotegut wrote:

    >Forgive me if this seems trivial or "newbieish" but I am new to
    >
    >the "Security" end of computing.
    >
    >
    >
    >With the new CERT Advisory CA-2003-08. I got me to thinking "What are
    >
    >others policies, procedures, and requirements for home users connecting
    >
    >via VPN to a corporate network?"
    >
    >
    >
    >When a person connects a VPN connection from their home to the office,
    >
    >they can very easily have a Trojan or a virus. This would allow for easy
    >
    >infection or access to the corporate network.
    >
    >
    >
    >What are what are your thoughts on policies, procedures, requirements for
    >
    >VPN users connecting to the corporate network as far as Password
    >
    >requirements, Personal Firewalls, Virus Software, Etc.?
    >
    >
    >
    >Thanks in advance for your sugestions. By the way our clients vary. Our
    >
    >clients are all in different professions, meaning we have everything from
    >
    >health care providers to mortgage companies to printing companies.
    >
    >
    >
    >Jonathan Grotegut
    >
    >DirectPointe
    >
    >
    >
    Any Internetwork should have equal security at all access points to the
    internet.

    I guess that means you (or whoever wantsa vpn connection the the
    corporate network) should have just as good security measures as the
    networks you are connecting to.
    What if the corporation has a PIX or some other expensive firewall
    equipment? Then you should have sime kind of hardware firewall, maybe a
    linux gateway running iptables. Then a software firewall on the
    workstation with a good virus scanner to keep trojans and such off that
    machine.

    Cam


  • Next message: Robinson, Sonja: "RE: HIPAA certs"

    Relevant Pages

    • Re: 70-292 - Anybody have any suggestions?
      ... print, proxy server, firewall, Internet, intranet, remote access, and ... connecting corporate networks to the Internet " ...
      (microsoft.public.cert.exam.mcse)
    • Proxy & VPN
      ... Users are not allowed to leave the corporate network for internet traffic ... without using the proxy, spezified on the firewall. ... Administrative Computers are allowed, for testing reasons, but normally ... I established a VPN connection outside and was using IE at ...
      (microsoft.public.windowsxp.security_admin)
    • Exchange/Outlook access thru VPN
      ... I'm setting up IPSec VPN connection to our corporate network. ... I don't want users to browse shared folders (and ... the users to be able to access their Exchange 5.5 mailbox with Outlook thru ...
      (microsoft.public.exchange.admin)
    • Re: Netmeeting over VPN
      ... this is a good move to open up your entire corporate network to the ... Internet via your VPN connection. ... >> I am able to connect with my son on Netmeeting when on my Wireless LAN, ...
      (microsoft.public.internet.netmeeting)
    • RE: VPN and Outlook Web Access
      ... BBCTECH - Hi ... Make sure that the IP range of the machine you are connecting from doesn't ... has an IP of 192.168.0.10 and the server has the IP address of 192.168.1.100 ... I want to create a VPN connection that I can use for administering the ...
      (microsoft.public.windows.server.sbs)