VPN Access for Consultants

From: Louis Cypher (louisecypher_at_hotmail.com)
Date: 11/21/03

  • Next message: arek_at_chelmnet.pl: "RE: MAC Authentication device"
    To: security-basics@securityfocus.com
    Date: Fri, 21 Nov 2003 05:01:35 -0700
    
    

    I totally agree with you Jenn. How long are they going to be there? Once
    and if you allow this, who knows what their network is like. I do not allow
    unknown networks access to my networks. I will not and cannot control and
    monitor what is coming across the line. Better safe than sorry. Never
    assume and trust no one, it can save you a lot of headaches. ; )

    >-----Original Message-----
    >From: Alessandro [mailto:a.bottonelli@infinito.it]
    >Sent: Thursday, November 20, 2003 1:16 PM
    >To: security-basics@securityfocus.com
    >Cc: Jennifer Fountain
    >Subject: Re: VPN Access for Consultants
    >
    >
    >On Thursday 20 November 2003 00:28, Jennifer Fountain wrote:
    > > They
    > > proceeded to look at me like I had six heads and act like I was the only
    > > security admin that wouldn't allow this. What is the general consensus
    > > on this type of activity? What policies do you have implemented? Do
    > > you allow it if the remote network was confirmed to be secure?
    > >
    >Oh well, it much depends on what kind of data / information your external
    >consultants work on. Does your policy have a classification criteria, if so
    >what does it say about, for the sake of example, the remote access of
    >confidential information? Do not forget, then, that once they unplug their
    >laptops they may have recorded YOUR data on their hard disks and can roam
    >happily on planes, trains and anywhere with YOUR data (and laptops are easy
    >to forget somewhere or to be stolen anyway).
    >
    >I would be personally more concerned with administrative countermeasures than
    >trying to technically assess their networks security (for example there may
    >be a clause in their contracts about (not) storing your data locally or about
    >what kind of measures you ask them to take if they do).
    >
    >Besides, if the tunnel is crypted (efficiently) end-to-end (or laptop to your
    >border-router) what do you care what networks they traverse in the process?
    >
    >--
    >Alessandro Bottonelli
    >CISSP, BS7799 Lead Auditor
    >www.axis-net.it
    >