|
Firewall Wizards
mailing list archives
Re: VPNmadness gets more support;
From: George Capehart <capegeo () opengroup org>
Date: Sat, 12 Feb 2005 18:45:01 -0500
Paul D. Robertson wrote:
<snip>
"Don't connect" isn't pure drivel, it's the first consideration you should
make. There is no reason that many operational infrastructure networks,
like parts of the power grid need to be susceptible to worm traffic when
they're mostly composed of production embedded systems.
Amen! See this thread on nanog . . . but it's about ATMs . . . ;> :
http://www.cctec.com/maillists/nanog/historical/0301/msg00769.html
<snip>
Along with blanket deployments where VPN access == full network access.
Client to network VPNs should almost always limit access. </blanket
statement>
Yes! See above for what happens when VPNs aren't terminated into a DMZ
. . .
Cheers,
George Capehart
--
"With sufficient thrust, pigs fly just fine . . ." -- RFC 1925
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Re: VPNmadness gets more support;, (continued)
- Re: VPNmadness gets more support; George Capehart (Feb 12)
Message not available
| 
Intro
