Firewall Wizards: RE: VPN for *DSL/CableModem Users

From: Patrick Darden <darden_at_armc.org>
Date: Mon, 21 Aug 2000 09:34:49 -0400 (EDT)

Mike,

Nortel's Contivity Extranet Switch is cheap, fast, and rock solid. The
software client is a good neighbor on Windows machines. Most of all, when
a VPN is up, no internet traffic is allowed--only traffic inside that pipe
is allowed. A good beginning to a very secure solution. We use it with
NIS 2000 for non-VPN security vs. trojans, hacks, and virii.

All of our VPNs are IPSEC with 3DES encryption and MD5 header integrity
checking via cable modems, DSL, ISDN, or T1+. We're very happy so far.

Sincerely,

-- 
--
--Patrick Darden                Internetworking Manager             
--                              706.354.3312    darden_at_armc.org
--                              Athens Regional Medical Center
> -----Original Message-----
> From: Michael C. Ibarra [mailto:ibarra_at_hawk.com]
> Sent: Thursday, August 17, 2000 5:15 PM
> To: firewall-wizards_at_nfr.net
> Subject: [fw-wiz] VPN for *DSL/CableModem Users
> 
> 
> Hello:
> 
>  I've been asked to perform the horrible task of allowing
>  in remote/home internet connections into a corporate LAN.
>  The firewall/s in question are a FW-1 and IPFilter (separate 
>  machines) combo. The pipe decided upon was either DSL or 
>  cable modems, based of course on availability. The present
>  method is an isdn/SecureID/dialback method. The present
>  corporate policy allows no inbound traffic from the internet
>  and allows limited outbound connections, mainly http.
>  My feeling is that users, unable to reach their AOL/Napster/
>  whatever type of services could place a modem into these home
>  PC's, corporate owned but that doesn't matter, making that
>  box an insecure gateway or transfer point for a virus to the
>  corporate network. VPN's IMO would do little to protect a 
>  machine which has a greater chance of becoming compromised,
>  besides breaking corporate security policy since all non-VPN
>  connections would probably allow those same services not 
>  normally allowed in the office. My question, and thank you
>  for reading this far, is what VPN software and/or hardware
>  is recommended and what can be done to enforce the present
>  corporate policy (aside from asking users to sign an agreement).
> 
> Thank you all,
> 
> -mike
> 
> 
> 	
> 	  The information contained in this message 
> 	   is not necessarily the opinion of Hawk 
> 	           Technologies, Inc.
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Received on Aug 21 2000