Re: VPN Security Management Question

From: Eric Chamberlain (telogix@hotmail.com)
Date: 10/03/02


From: "Eric Chamberlain" <telogix@hotmail.com>
Date: Wed, 2 Oct 2002 23:35:05 -0700


If the machine is compromised, capturing the passwords is trivial regardless
of where or how the passwords are stored. You would need a Smartcard or
some other token solution if you want that kind of security. But a better
solution is to only minimally trust the machines that are connecting via
VPN. The VPN should not bypass network or server security.

--
Eric Chamberlain, CISSP

"Tim Brown" <tbrown@mjsoffe.com> wrote in message
news:#NGpcZhaCHA.1732@tkmsftngp11...
> Is there any chance that if someone were to gain access to the home computer
> then they could call the vpn connection manager, and, if the passwords were
> stored, have a one-way ticket into the corporate network?  Should we never
> allow passwords to be saved, and are they cached anywhere even if they are
> not (besides, of course ram and paging file).
>
>
> "Eric Chamberlain" <telogix@hotmail.com> wrote in message
> news:#1uQJ3baCHA.1656@tkmsftngp11...
> > Most VPN clients can be configured to route all Internet traffic through the
> > VPN when the VPN connection is up.  Then the corporate firewall/IDS can
> > monitor any client-Internet traffic.
> >
> > --
> > Eric Chamberlain, CISSP
> >
> >
> > "Tim Brown" <tbrown@mjsoffe.com> wrote in message
> > news:ueD$pEMaCHA.2588@tkmsftngp12...
> > > Since a hacker could enter a company's network via a compromised computer
> > > with VPN access, I'm trying to get some opinions about what other companies'
> > > IT/IS departments are doing to make sure that every VPN account user is
> > > keeping his or her computer up to date and using strong passwords
> > > (especially with broadband connections).
> > >
> > > If we wanted to take the responsibility out of the user's hands and into the
> > > IS/IT department's hands, we could require the use of broadband routers that
> > > we could configure ourselves to secure connections.  Does anyone else have a
> > > comment or idea?
> > >
> > >
> >
> >
>
>

