Re: VPN Question
From: Jeff Grossman (jeff@stikman.com) Date: 10/16/02
From: Jeff Grossman <jeff@stikman.com> Date: Wed, 16 Oct 2002 11:27:43 -0700
Bernie M <while_up_late@night> wrote:
> "Mesomorf" <newsgroup@only.please> wrote in message
> news:SU7r9.1824$hV3.79896@newsb.telia.net...
>> > If the remote user had their own router/firewall then, yes, security is
>> > increased but how responsible is the remote user going to be? Do they
>> > really know how to configure and then check that the router/firewall is
>> > secure?
>>
>> Well, let me quote Jeff Grossman (author of this thread):
>> "I am going to use the Linksys VPN router at the remote sites"
>>
>> ..so they WILL be behind router/firewall..and I guess he will configure all
>> remote sites (offices I guess) so the security will be there.
>>
>> And I know a lot of companies (small companies) that use Linksys products in the
>> office to connect to the Internet ..so that is why I am talking about "same
>> security" on VPN and local office.
>>
>> > Lockdown the PC while the VPN is active ... better safe than sorry.
>>
>> ..but I can't say that I disagree with you Bernie.. better safe than sorry :)
>>
>> --
>> Johan Tuneld
>>
>> Your Guide To Filetransfer Fix for ICQ 2001/2002
>> And a complete guide of Gateway / Firewall configuration for all ICQ clients
>> http://www.tuneld.com
>>
>>
>
> This week I've been attending a course on VPN deployment (run by Verisign)
> and while I'm thinking along the right lines there are *best practice*
> methods to help safeguard the company LAN. Others may have more experience
> and exposure to this but what we spoke about today was exactly this
> scenario.
>
> Allowing people to browse while also having a VPN directly into a company
> LAN does present risks but these can be reduced by ensuring the firewall
> strictly controls what the VPN clients can access inside the company LAN
> (remembering the VPN should be terminated on the outside of the firewall).
> It has been seen where the VPN termination point was internal to the LAN
> itself and the firewall had absolutely no idea what the client was
> accessing. This should be avoided at all costs.
>
> If browsing is to be allowed, it's *strongly* recommended to control what
> sites they can go to while the VPN is up. There are malicious sites out
> there that you really don't want people to connect to.
>
> A packet filter router/firewall will go a long way to protect the PC against
> hostile traffic incoming on blocked ports but isn't aware of what's being
> sent through an established TCP session with a web site.
>
> I don't mean to sound alarmist or paranoid but I hope my concerns have at
> least raised awareness of the dangers involved. It's so common to hear
> people say that "there's nothing to worry about ... we're using a VPN".
>
> BernieM
>
Bernie,
Your information on this topic has been very helpful. Let me add one more
point to this whole discussion. My company is completely Macintosh, or
wait there is one PC at each location, but mainly Macintosh. Also, each
location, including the main location, is running NAT. There are no
Unix/Linux/Windows servers at any location. The one PC is running Windows
98 or XP.
Thanks,
Jeff
-- Jeff Grossman (jeff@stikman.com)