North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Level3 routing issues?
On Mon, 27 Jan 2003, Scott Granados wrote: > > Alex, although technically correct, its not practical. How many end users > vpn in from home from say a public ip on their dsl modem leaving > themselves open to attack but now also having this connection back to the > "Secure" inside network. Has anyone heard of any confirmed cases of this > yet? > I hate to blow a vendor's horn, BUT... checkpoint has atleast thought this through with SecureClient. There is the ability to push down on the vpn client a local security policy that SHOULD allow you to enforce corporate network security policy on the remote system. > > On Mon, 27 Jan 2003 firstname.lastname@example.org wrote: > > > > > > > Note that in the case of a worm, a VPN could work against you. If you > > > > have all the right filters in place at your "perimeter" and yet let > > > > your employees in through a VPN solution of some sort, you could still > > > > be screwed if one of their home systems gets infected somehow. > > > > > > So what you're saying is that a really good worm could infiltrate any secure > > > network by targetting those who vpn from exterior sources, collect data, and > > > then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose? > > > > > > > This is not correct. VPN simply extends security policy to a different > > location. A VPN user must make sure that local security policy prevents > > other traffic from entering VPN connection. > > > > Alex > > > > >