|
Firewall Wizards
mailing list archives
Re: risk level associated with VPNs?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sat, 05 Feb 2005 10:48:14 -0500
Avishai Wool wrote:
My claim is that these rules are very risky and a wonderful
vector for all kinds of malware.
"Risky" is too kind a word. "Stupid" is more accurate.
I could probably dig up one of my old DAT backups from 1990
with old presentations on VPNs (except I was calling them
"Virtual Network Perimeter" in those days before the marketing
took over) - I recall having a slide that basically said VNPs
should be treated as a trust boundary in spite of their
convenience. I.e.: only permit minimal service-sets to restricted
destinations.
People persist in using even security products at their lowest
"setting" and then they are shocked and amazed to discover
that they're not spectacularly effective. :( Frankly, I find it
baffling, because historically security was a problem domain
that attracted people with strong analytical skills. Perhaps
what we're seeing is the results of the shift in the clue-density
curve that started around the time AOL connected to the Internet...
However, customers uniformly disagree with this argument, and tell me that
"traffic coming over a VPN is not perceived as a risk so shut up
about it."
They are fools.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
| 
Intro
