Firewall Wizards
mailing list archives
RE: Application requires VPN - How are these handled?
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Wed, 2 Apr 2003 08:00:59 -0500
It's certainly a valid point. Trust (or untrust) should be a two-way model, and I don't see why you should trust what
will or won't be allowed from their network to yours. Ideally, you would want to terminate this tunnel at a point
where you can then control packet and application data with a firewall of some type. Never underestimate the power of
the almighty dollar - if this is to accommodate a service you pay for, don't be afraid to ask for a solution that meets
with your organization's security policies. Only the biggest (and most foolish) vendors will let a services customer
slip away over something this relatively small.
In the event that they don't budge and you don't have other options, a DMZ or other untrusted segment is an OK way to
go. You may also consider a personal firewall for the workstation.
PaulM
-----Original Message-----
From: Michele Jordan <michele () michelejordan net>@AICNOTES
Sent: Tuesday, April 01, 2003 12:49 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Application requires VPN - How are these handled?
I'm curious how others are handling this situation:
Vendor has an application that requires VPN access to the vendor's
network. I am being asked to install this on a computer and then pass
that VPN traffic through the firewall. Obviously, I am reluctant to
create a VPN from a vendor to the inside of the corporate network,
regardless of the size or name of that vendor. I am suggesting we
implement a machine on a DMZ to do this, keeping that away from the
corporate network.
Other thoughts?
Thanks
-Michele
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards