FW: How secure is VPN access?

From: Stephane Auger (stephaneauger_at_pre2post.com)
Date: 11/19/04

    Date: Fri, 19 Nov 2004 06:43:05 -0500
    To: <security-basics@securityfocus.com>
    
    

    There are some quarantine services available now. I don't know for all
    OSes but I do know that MS provides this. What happens is you create a
    script that verifies a few things on the client connecting (Firewall?
    AV? Pattern file up to date? Strong Password? Etc...). If everything
    is OK on the client, he connects fully on the LAN. If he's missing some
    components, he'll either have access but be completely locked down to
    the rest of the network, or his connection will be dropped. It can even
    redirect the client to a web site to install the software he's
    missing....

    I know this is not a perfect solution, but I've seen it as being
    pretty practical and adds a layer of security. Of course, so far I've
    only used it on Win2k and Win2k3 domains, so I can't vouch for the same
    solution on other platforms...

    Stephane Auger

    > -----Original Message-----
    > From: Cesar Diaz [mailto:cdiaz00@gmail.com]
    > Sent: Wednesday, November 17, 2004 8:39 AM
    > To: security-basics@securityfocus.com
    > Subject: How secure is VPN access?
    >
    >
    > List,
    >
    > After years of having VPN access for our remote users without a single
    > known security incident, my boss and I have to justify to her boss why
    > VPN is secure.
    >
    > The CIO wants us to only allow users to access the network from
    > company laptops, not from their own home computers. We currently will
    > allow users to install the VPN client software on their home computers
    > to connect remotely, or they can use Citrix through SSL access to get
    > to network resources. His concern is that if a user's home PC is
    > compromised, that compromise can spread to our network.
    >
    > Is this a legitimate concern? Can anyone point me in the direction of
    > some documentation backing either argument?
    >
    > Thanks in advance for any help.
    >
    > C
    >
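
The kind of client-side posture check the reply describes (firewall on, AV on, pattern file current), as an added example that is not part of the original thread and not Microsoft's quarantine tooling. It assumes a Windows client with the built-in NetSecurity and Defender cmdlets; the 3-day signature limit and the exit-code contract (0 = full access, 1 = keep quarantined) are hypothetical choices for illustration.

```powershell
# Added example: posture check a VPN quarantine policy could run on the client.
# Assumptions: Windows client with the NetSecurity and Defender modules;
# the signature-age limit and exit codes below are hypothetical.
$MaxSignatureAgeDays = 3
$failures = @()

# Firewall: every profile (Domain, Private, Public) must be enabled.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $disabled) {
    $failures += "Firewall profile '$($p.Name)' is not enabled"
}

# Antivirus: engine on, real-time protection on, signatures recent.
try {
    $av = Get-MpComputerStatus -ErrorAction Stop
    if (-not $av.AntivirusEnabled) {
        $failures += 'Antivirus is not enabled'
    }
    if (-not $av.RealTimeProtectionEnabled) {
        $failures += 'Real-time protection is off'
    }
    if ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $failures += "AV signatures are $($av.AntivirusSignatureAge) days old"
    }
} catch {
    # Fail closed: if AV status cannot be read, treat the client as non-compliant.
    $failures += "Antivirus status unavailable: $($_.Exception.Message)"
}

# Decision: the caller maps the exit code to full access or quarantine.
if ($failures.Count -eq 0) {
    Write-Output 'COMPLIANT: grant full LAN access'
    exit 0
}

Write-Output 'NON-COMPLIANT: keep client in the restricted (quarantine) network'
$failures | ForEach-Object { Write-Output "  - $_" }
exit 1
```

The result is self-reported by the client, so a compromised machine can falsify it; the restricted network and server-side controls still have to hold on their own.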

