How secure is VPN access?

From: Hayden Searle (hayden.searle_at_safecom.co.nz)
Date: 11/19/04

    Date: Fri, 19 Nov 2004 14:13:31 +1300
    To: "Cesar Diaz" <cdiaz00@gmail.com>, <security-basics@securityfocus.com>
    
    

    Hi

    The way we work here is there is a firewall after the VPN endpoint so we
    can control the ports the VPN users can access. We do not allow file and
    print (135, 139, 445 etc) or anything that is not essential. We only
    allow access to specific hosts on said specific ports.
    To our knowledge this is the most secure way we can do it to prevent the
    outbreak of the more prevalent viruses, worms etc on the net.

    If your boss is worried about the home PC situation and only the company
    laptops can connect... well, most home users have xDSL or cable modems
    for the speed of connectivity etc, or use wireless. Not many ISPs
    control their systems with tight firewall rules so once the PC is on the
    net it can be open to infection or compromise, which is how the things
    spread in the first place (ISPs take little to no responsibility for
    stopping net-borne viruses and most are only starting to do email
    worms/viruses on their mail servers), as well as from the user's home PC as
    soon as it gets connected to the home network.

    You can make remote access highly secure by only allowing certain groups
    of people access to certain machines, but even with a firewall you can't
    be 100% secure. The best way of doing it IMO is to have a VPN endpoint
    with a firewall inside it, and inside the second firewall have an
    IDS/IPS system to check the traffic and block anything malicious that
    sneaks through. Also the company could purchase bulk licenses for
    antivirus and personal firewalls and supply them to the users who
    require remote access to help ensure network security.

    Well that's my 2c worth anyway :)

    Hayden Searle
    Network Security Specialist

    -----Original Message-----
    From: Cesar Diaz [mailto:cdiaz00@gmail.com]
    Sent: Thursday, 18 November 2004 5:39 a.m.
    To: security-basics@securityfocus.com
    Subject: How secure is VPN access?

    List,

    After years of having VPN access for our remote users without a single
    known security incident, my boss and I have to justify to her boss why
    VPN is secure.

    The CIO wants us to only allow users to access the network from
    company laptops, not from their own home computers. We currently will
    allow users to install the VPN client software on their home computers
    to connect remotely, or they can use Citrix through SSL access to get
    to network resources. His concern is that if a user's home PC is
    compromised, that compromise can spread to our network.

    Is this a legitimate concern? Can anyone point me in the direction of
    some documentation backing either argument?

    Thanks in advance for any help.

    C
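
The policy described in the reply above (VPN users reach only specific hosts on specific ports, no file and print ports, everything else denied) can be checked mechanically on the firewall behind the VPN endpoint. The following is an added example, not part of the original thread; the rule format, the `audit` function and the 10.0.5.x addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

FILE_PRINT_PORTS = {135, 139, 445}   # the ports named in the post
ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    dst: str       # destination in CIDR notation, e.g. "10.0.5.20/32"
    ports: range   # destination ports (range start inclusive, stop exclusive)

def port(p):
    return range(p, p + 1)

def audit(rules):
    """Static check of each allow rule plus the final rule; rule shadowing is not modelled."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if ip_network(r.dst, strict=False).num_addresses > 1:
            findings.append((i, "destination is a network, not a specific host"))
        if len(r.ports) > 1:
            findings.append((i, "port range instead of a specific port"))
        exposed = sorted(FILE_PRINT_PORTS.intersection(r.ports))
        if exposed:
            findings.append((i, f"file/print ports allowed: {exposed}"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny"
            and ip_network(last.dst).prefixlen == 0 and len(last.ports) == 65536):
        findings.append((len(rules), "no final deny-all rule"))
    return findings

# Constructed sample rule sets (addresses are made up for illustration).
LOOSE = [Rule("allow", "10.0.0.0/8", ANY_PORT)]   # "VPN users see everything"
TIGHT = [
    Rule("allow", "10.0.5.20/32", port(443)),     # intranet web server
    Rule("allow", "10.0.5.25/32", port(25)),      # mail relay
    Rule("deny", "0.0.0.0/0", ANY_PORT),          # default deny
]

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(rules) or "no findings")
```
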

