RE: How safe is a VPN connexion from within an internal network?



Your biggest problem will be that with a tunnel originating behind your
firewall, all the tunnel traffic through your firewall is encrypted and
unavailable for inspection. A site to site tunnel would be much better
as then you can apply rules of access, etc.

Regards

Patton J Roub


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of PIERRE.DUFRESNE@xxxxxxxxxxxxxxx
Sent: Monday, November 20, 2006 9:47 AM
To: security-basics@xxxxxxxxxxxxxxxxxxxxxxx
Subject: How safe is a VPN connexion from within an internal network?

Hi all!

I have been asked to install a vpn client on a workstation inside our
network that would access another network through our firewall.
Besides the technical details of allowing IPSec traffic through a NATed
device, I was wondering how safe is this practice? Is it done often?
Once the connexion is established, can a host on the external network
access the workstation inside my network, ie initiate a connexion?
Should I rather go with a "site to site" vpn connexion?

Thanks for your time

Pierre


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
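
Added example, not part of either poster's message: with a client tunnel that starts behind the firewall, the firewall sees only the outer IPsec headers (IKE on UDP 500, NAT-T on UDP 4500, or ESP/AH as IP protocols 50/51), so about all it can do is report which inside hosts have such tunnels. The flow-record format, the 10.1.0.0/16 inside range and every address below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not from the thread): src dst ip-protocol dst-port
SAMPLE_FLOWS = """\
10.1.4.23 198.51.100.7 udp 500
10.1.4.23 198.51.100.7 udp 4500
10.1.4.23 198.51.100.7 udp 4500
10.1.9.80 203.0.113.10 tcp 443
10.1.7.12 203.0.113.44 esp -
192.0.2.1 198.51.100.9 udp 500
10.1.2.5 192.0.2.53 udp 53
"""

INTERNAL = ipaddress.ip_network("10.1.0.0/16")  # assumed inside address range


def ipsec_signature(proto, dport):
    """Name the IPsec component an outer header implies, or None."""
    if proto == "udp" and dport == "500":
        return "IKE"
    if proto == "udp" and dport == "4500":
        return "NAT-T"  # ESP wrapped in UDP so it survives NAT
    if proto in ("esp", "50"):
        return "ESP"
    if proto in ("ah", "51"):
        return "AH"
    return None


def find_client_tunnels(flow_text, approved=frozenset()):
    """Map (inside host, outside peer) -> sorted IPsec components seen.

    Only flows from INTERNAL to an outside peer count; (host, peer) pairs
    listed in `approved` are skipped.
    """
    seen = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # blank or malformed record
        src, dst, proto, dport = fields
        sig = ipsec_signature(proto.lower(), dport)
        if sig is None or (src, dst) in approved:
            continue
        if ipaddress.ip_address(src) in INTERNAL and ipaddress.ip_address(dst) not in INTERNAL:
            seen[(src, dst)].add(sig)
    return {pair: sorted(sigs) for pair, sigs in seen.items()}
```

The result names the endpoints and the IPsec components only; nothing about what is carried inside the tunnel is available to the firewall.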




