Re: VPN Question
From: Bernie M (while_up_late@night)
Date: 10/16/02
From: "Bernie M" <while_up_late@night> Date: Wed, 16 Oct 2002 18:40:53 +1000
"Mesomorf" <newsgroup@only.please> wrote in message
news:SU7r9.1824$hV3.79896@newsb.telia.net...
> > If the remote user had their own router/firewall then, yes, security is
> > increased but how responsible is the remote user going to be? Do they
> > really know how to configure and then check that the router/firewall is
> > secure?
>
> Well, let me quote Jeff Grossman (author of this thread):
> "I am going to use the Linksys VPN router at the remote sites"
>
> ..so they WILL be behind router/firewall..and I guess he will configure all
> remote sites (offices I guess) so the security will be there.
>
> And I know a lot of companies (small companies) that use Linksys products in
> the office to connect to the Internet ..so that is why I am talking about
> "same security" on VPN and local office.
>
> > Lockdown the PC while the VPN is active ... better safe than sorry.
>
> .but I can't say that I disagree with you Bernie.. better safe than sorry :)
>
> --
> Johan Tuneld
>
> Your Guide To Filetransfer Fix for ICQ 2001/2002
> And a complete guide of Gateway / Firewall configuration for all ICQ clients
> http://www.tuneld.com
>
>
This week I've been attending a course on VPN deployment (run by Verisign)
and while I'm thinking along the right lines there are *best practice*
methods to help safeguard the company LAN. Others may have more experience
and exposure to this but what we spoke about today was exactly this
scenario.

Allowing people to browse while also having a VPN directly into a company
LAN does present risks but these can be reduced by ensuring the firewall
strictly controls what the VPN clients can access inside the company LAN
(remembering the VPN should be terminated on the outside of the firewall).
It has been seen where the VPN termination point was internal to the LAN
itself and the firewall had absolutely no idea what the client was
accessing. This should be avoided at all costs.

If browsing is to be allowed, it's *strongly* recommended to control what
sites they can go to while the VPN is up. There are malicious sites out
there that you really don't want people to connect to.

A packet filter router/firewall will go a long way to protect the PC against
hostile traffic incoming on blocked ports but isn't aware of what's being
sent through an established TCP session with a web site.

I don't mean to sound alarmist or paranoid but I hope my concerns have at
least raised awareness of the dangers involved. It's so common to hear
people say that "there's nothing to worry about ... we're using a VPN".

BernieM
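
The termination-point argument in the message above, as an added example that is not part of the original post: a first-match packet filter is asked about the same VPN client request twice, once with the tunnel terminated outside the firewall and once with it terminated inside the LAN. All addresses, the rule list and the function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumptions, not taken from the post).
VPN_POOL = ip_network("10.8.0.0/24")         # addresses handed to VPN clients
LAN = ip_network("192.168.10.0/24")          # company LAN
GATEWAY_INSIDE = ip_address("192.168.10.2")  # VPN endpoint placed inside the LAN
ANY = ip_network("0.0.0.0/0")

# First-match rules: (source net, destination net, protocol, dest port, action).
RULES = [
    (VPN_POOL, ip_network("192.168.10.5/32"), "tcp", 443, "allow"),  # intranet web
    (VPN_POOL, ip_network("192.168.10.6/32"), "tcp", 25, "allow"),   # mail relay
    (ANY, ip_network("192.168.10.2/32"), "esp", None, "allow"),      # tunnel to inside endpoint
    (ANY, LAN, "any", None, "deny"),                                 # everything else
]

def firewall_verdict(src, dst, proto, dport=None):
    """Return the action of the first rule that matches the packet."""
    for net_s, net_d, r_proto, r_port, action in RULES:
        if (ip_address(src) in net_s and ip_address(dst) in net_d
                and r_proto in ("any", proto) and r_port in (None, dport)):
            return action
    return "deny"

def seen_by_firewall(client_public, inner, terminated_outside):
    """Return the packet as the firewall sees it for one client request."""
    if terminated_outside:
        return inner  # already decrypted: real source, destination and port
    # Terminated inside the LAN: only the encrypted tunnel packet is visible.
    return (client_public, str(GATEWAY_INSIDE), "esp", None)

def verdict_for(client_public, inner, terminated_outside):
    return firewall_verdict(*seen_by_firewall(client_public, inner, terminated_outside))

if __name__ == "__main__":
    client = "203.0.113.10"                             # constructed public address
    web = ("10.8.0.7", "192.168.10.5", "tcp", 443)      # on the allow-list
    files = ("10.8.0.7", "192.168.10.9", "tcp", 445)    # not on the allow-list
    for label, inner in (("intranet web", web), ("file server", files)):
        for outside in (True, False):
            where = "outside" if outside else "inside"
            print(f"{label:13} terminated {where:7}: {verdict_for(client, inner, outside)}")
```

With the endpoint inside the LAN both requests come back "allow", because the only packet the firewall ever evaluates is the tunnel itself.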