Firewall Wizards: Re: VPN for *DSL/CableModem Users

From: Andrew J Bernoth/Boulder/IBM <bernoth_at_us.ibm.com>
Date: Fri, 18 Aug 2000 12:42:14 -0600

Hi Mike,

I don't really understand your concerns. Your staff probably already have
Cable modems or DSL connections attached 7x24 and dial in to your office
LAN without dropping their personal internet connections. How do you stop
this currently without simply relying on Corporate policy and user honesty?
Don't they already have the ability to act as a gateway? VPN is just going
to force them to authenticate a different way, and with one-time passwords
they can't automate their login process. Any connectivity, including
dial-back solutions, can be considered a risk to your corporate LAN, but
users will want to work at home, and managers will want their staff to be
on call and connect at all hours of the day or night.

Regards,
Andrew J Bernoth
bernoth_at_us.ibm.com
"The views expressed above are my own and do not necessarily reflect those
of IBM"

"Michael C. Ibarra" <ibarra_at_hawk.com>@nfr.net on 08/17/2000 03:14:30 PM

Sent by: firewall-wizards-admin_at_nfr.net

To: <firewall-wizards_at_nfr.net>
cc:
Subject: [fw-wiz] VPN for *DSL/CableModem Users

Hello:

 I've been asked to perform the horrible task of allowing
 in remote/home internet connections into a corporate LAN.
 The firewall/s in question are a FW-1 and IPFilter (separate
 machines) combo. The pipe decided upon was either DSL or
 cable modems, based of course on availability. The present
 method is an isdn/SecureID/dialback method. The present
 corporate policy allows no inbound traffic from the internet
 and allows limited outbound connections, mainly http.
 My feeling is that users, unable to reach their AOL/Napster/
 whatever type of services could place a modem into these home
 PC's, corporate owned but that doesn't matter, making that
 box an insecure gateway or transfer point for a virus to the
 corporate network. VPN's IMO would do little to protect a
 machine which has a greater chance of becoming compromised,
 besides breaking corporate security policy since all non-VPN
 connections would probably allow those same services not
 normally allowed in the office. My question, and thank you
 for reading this far, is what VPN software and/or hardware
 is recommended and what can be done to enforce the present
 corporate policy (aside from asking users to sign an agreement).

Thank you all,

-mike

       The information contained in this message
        is not necessarily the opinion of Hawk
                Technologies, Inc.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Received on Aug 19 2000