Home page logo
/

basics logo Security Basics mailing list archives

VPN Access for Consultants
From: "Louis Cypher" <louisecypher () hotmail com>
Date: Fri, 21 Nov 2003 05:01:35 -0700

I totally agree with you Jenn. How long are they going to be there? Once and if you allow this, who knows what there network is like, I do not allow unknown networks access to my networks. I will not and cannot controll and monitor what is coming acrosss the line. Better safe than sorry. Never assume and trust no one, it can save you a lot of headaches. ; )


-----Original Message-----
From: Alessandro [mailto:a.bottonelli () infinito it]
Sent: Thursday, November 20, 2003 1:16 PM
To: security-basics () securityfocus com
Cc: Jennifer Fountain
Subject: Re: VPN Access for Consultants


On Thursday 20 November 2003 00:28, Jennifer Fountain wrote:
> They
> proceeded to look at me like I had six heads and act like I was the only
> security admin that wouldn't allow this.  What is the general consensus
> on this type of activity?  What policies do you have implemented?  Do
> you allow it if the remote network was confirmed to be secure?
>
Oh well, it much depends on what kind of data / information your external
consultants work on. Does your policy have a classification criteria, if so
what does it say about, for the sake of example, the remote access of
confidential information? Do not forget, then, that once they unplug their
laptops they may have recorded YOUR data on their hard disks and can roam
happily on planes, trains and anywhere with YOUR data (and laptops are easy
to forget somewhere or to be stolen anyway).

I would be personally more concerned with administrative countermeasures
than
trying to technically assess their networks security (for example there may
be a clause in their contracts about (not) storing your data locally or
about
what kind of measures you ask them to take if they do).

Besides, if the tunnel is crypted (efficiently) end-to-end (or laptop to
your
border-router) what do you care what networks they traverse in the process?

--
Alessandro Bottonelli
CISSP, BS7799 Lead Auditor
www.axis-net.it

---------------------------------------------------------------------------
----------------------------------------------------------------------------

_________________________________________________________________
Has one of the new viruses infected your computer? Find out with a FREE online computer virus scan from McAfee. Take the FreeScan now! http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]