


Firewall Wizards: Re: VPN for *DSL/CableModem Users

Re: VPN for *DSL/CableModem Users

From: Chuck Fasching <cfasching_at_compures.com>
Date: Fri, 18 Aug 2000 11:26:14 -0500

If you are just placing a client piece on the End User machine, you could
use Check Point's VPN-1 Secure client, which, when connected to the
Corporate VPN, can control end user connections (Allow All, Deny Incoming,
Deny Outgoing, or only allow Encrypted). You could also futz around with
"personal" firewalls.

Chuck "Spence" Fasching
Security Architect
cfasching_at_compures.com
Computech Resources, Inc
(952)833-0930 xt35

                                                                                                                          
                    "Michael C. Ibarra"
                    <ibarra_at_hawk.com> To: <firewall-wizards_at_nfr.net>
                    Sent by: firewall-wizards-admin_at_nfr.net
                    cc:
                    Subject: [fw-wiz] VPN for *DSL/CableModem Users
                    08/17/2000 04:14 PM

Hello:

 I've been asked to perform the horrible task of allowing
 in remote/home internet connections into a corporate LAN.
 The firewall/s in question are a FW-1 and IPFilter (separate
 machines) combo. The pipe decided upon was either DSL or
 cable modems, based of course on availability. The present
 method is an isdn/SecureID/dialback method. The present
 corporate policy allows no inbound traffic from the internet
 and allows limited outbound connections, mainly http.
 My feeling is that users, unable to reach their AOL/Napster/
 whatever type of services could place a modem into these home
 PC's, corporate owned but that doesn't matter, making that
 box an insecure gateway or transfer point for a virus to the
 corporate network. VPN's IMO would do little to protect a
 machine which has a greater chance of becoming compromised,
 besides breaking corporate security policy since all non-VPN
 connections would probably allow those same services not
 normally allowed in the office. My question, and thank you
 for reading this far, is what VPN software and/or hardware
 is recommended and what can be done to enforce the present
 corporate policy (aside from asking users to sign an agreement).

Thank you all,

-mike

             The information contained in this message
              is not necessarily the opinion of Hawk
                      Technologies, Inc.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Received on Aug 19 2000
