VPN Access for Consultants

From: Louis Cypher (louisecypher_at_hotmail.com)
Date: 11/21/03

  • Next message: arek_at_chelmnet.pl: "RE: MAC Authentication device"
    To: security-basics@securityfocus.com
    Date: Fri, 21 Nov 2003 05:01:35 -0700
    
    

    I totally agree with you Jenn. How long are they going to be there? Once
    and if you allow this, who knows what there network is like, I do not allow
    unknown networks access to my networks. I will not and cannot controll and
    monitor what is coming acrosss the line. Better safe than sorry. Never
    assume and trust no one, it can save you a lot of headaches. ; )

    >-----Original Message-----
    >From: Alessandro [mailto:a.bottonelli@infinito.it]
    >Sent: Thursday, November 20, 2003 1:16 PM
    >To: security-basics@securityfocus.com
    >Cc: Jennifer Fountain
    >Subject: Re: VPN Access for Consultants
    >
    >
    >On Thursday 20 November 2003 00:28, Jennifer Fountain wrote:
    > > They
    > > proceeded to look at me like I had six heads and act like I was the only
    > > security admin that wouldn't allow this. What is the general consensus
    > > on this type of activity? What policies do you have implemented? Do
    > > you allow it if the remote network was confirmed to be secure?
    > >
    >Oh well, it much depends on what kind of data / information your external
    >consultants work on. Does your policy have a classification criteria, if so
    >what does it say about, for the sake of example, the remote access of
    >confidential information? Do not forget, then, that once they unplug their
    >laptops they may have recorded YOUR data on their hard disks and can roam
    >happily on planes, trains and anywhere with YOUR data (and laptops are easy
    >to forget somewhere or to be stolen anyway).
    >
    >I would be personally more concerned with administrative countermeasures
    >than
    >trying to technically assess their networks security (for example there may
    >be a clause in their contracts about (not) storing your data locally or
    >about
    >what kind of measures you ask them to take if they do).
    >
    >Besides, if the tunnel is crypted (efficiently) end-to-end (or laptop to
    >your
    >border-router) what do you care what networks they traverse in the process?
    >
    >--
    >Alessandro Bottonelli
    >CISSP, BS7799 Lead Auditor
    >www.axis-net.it
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------

    _________________________________________________________________
    Has one of the new viruses infected your computer? Find out with a FREE
    online computer virus scan from McAfee. Take the FreeScan now!
    http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: arek_at_chelmnet.pl: "RE: MAC Authentication device"

    Relevant Pages

    • Re: VPN Access for Consultants
      ... > you allow it if the remote network was confirmed to be secure? ... trains and anywhere with YOUR data (and laptops are easy ... trying to technically assess their networks security (for example there may ...
      (Security-Basics)
    • Re: why does the 360 still not have built-in wifi?
      ... Laptops were designed to be used outside of the household. ... Whereas I'm *correctly* stating that this is, in fact, its most common ... Yet still less common than wired networks. ... wired/wireless router but most providers do NOT give you a wireless ...
      (alt.games.video.xbox)
    • Novatel Laptop Cards Can Access Internet, But Services Vary
      ... And the cellular broadband services, ... networks using laptops that have the necessary gear built in. ... Now, Novatel, a leading maker of these cards, has come out with aq ...
      (comp.dcom.telecom)
    • Re: Most secure wireless security for 5 laptops
      ... offer the most security but it seems like a lot of work for 5 laptops. ... IAS server uses a certificate. ... For the server certificate, you can either deploy your own CA, which is ... "Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows" ...
      (microsoft.public.internet.radius)
    • Re: Windows 2000 clients hold dhcp address when booting on different network
      ... > We have several users who use a laptops in the office and then connect ... > them on different networks either home networks, Comcast broadband, at ... > The network connection show as connection on the system tray. ... > ipconfig /release ...
      (microsoft.public.win2000.networking)