Re: Linksys router and AS/400-iSeries Client Access

From: Charles Wilt (cwilt_at_meaa.mea.com)
Date: 01/22/04


Date: Thu, 22 Jan 2004 14:00:01 GMT

Jonathan,

Actually, that's a plenty "expert" enough solution.

Consider, the idea of a VPN is to allow you to access a remote network
as if it was your local network. So it makes sense that you'd tell your
firewall that the VPN connected network is in your trusted zone, since
normally your local network is in your trusted zone.

Question to ask yourself, if I carried my PC into the company and
plugged into the network, would I still need ZoneAlarm? (Assume that
the company already has a top notch hardware/software firewall at the link
to the Internet and you're not concerned about spyware sending stuff
out.)

If the answer is no, then don't worry about it. This is in effect what
you've done.

If the answer is yes, then you've got more work to do :-)

HTH,
Charles

In article <_1HPb.21576$1e.5941@newsread2.news.pas.earthlink.net>,
jonball@whitehouse.not says...
> The problem with my "expert" rule is, it's more like a
> sorcerer's apprentice rule: I took a real scattershot
> approach, and after adding the company's IP address to
> my "trusted zone", I set up the rule to allow pretty
> much every protocol through for anyone in the trusted
> zone. Whatever it is, my two sessions have remained
> connected even though I've let each of them go as much
> as 10 minutes with no activity; previously, they were
> dropping after just a couple of minutes of non-use.


