|
Firewall Wizards
mailing list archives
RE: risk level associated with VPNs?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 11 Feb 2005 19:38:51 -0500 (EST)
On Sun, 6 Feb 2005, Michael Surkan wrote:
Perhaps one solution to reduce VPN risk levels is simply not to use them
in the first place. A lot of organizations are now making the
applications their users need available over the directly over the
internet with web browsers (e.g. e-mail).
Depending on the threat level, that can be more disasterous...
Isn't it preferable to give users access to e-mail, or other common
apps, by web-proxy and only give VPN accounts to a handful of
administrators? Taken to its extreme, maybe tunneling IP traffic over
VPNs can be done away with altogether.
No, it's preferable to restrict VPN access to certain systems/applications
and concentrate the "do it right" bits on the VPN's exposure. The
alternative is having *every* application written correctly to resist
attack, and we all know how successful that isn't.
Is this a goal administrators should strive for?
No, administrators should strive to reduce their risk. Just because worm
infested desktops are a major issue doesn't mean you should open all of
your applications to anonymous attack!
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul () compuwar net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- RE: risk level associated with VPNs?, (continued)
| 
Intro
