Security Basics mailing list archives
RE: Security from VPN connections
From: "Anstett, Brad" <Brad.Anstett () quill com>
Date: Thu, 28 Aug 2003 10:59:07 -0500
You could also put you internal VPN interface out side of the firewall on another port (creating another DMZ). Maybe only access for terminal services through that DMZ into your internal network. Brad On Tue, 26 Aug 2003 11:57:24 -0400, Christopher Joles wrote:
Good Day All! I'm looking for design advice. Currently, I have a network that is protected by a
Cisco PIX 515 = firewall.
We have it configured to protect our internal
network along = with supplying
access to our DMZ which holds our email and web
servers.
My concern arises from the spread of the blaster
worm. Currently we = give a
couple employees (the boss, the CFO and myself) VPN
access from = home. In
this scenario, the bosses home computer was
compromised by the = blaster worm
and luckily for me, he was on vacation in Germany at
the = time. If he
wasn't, he most assuridly would have made a VPN
connection = and the lovely
blaster worm would have gotten through our defenses.
= Keep in mind, I had
applied the MS patch to our servers and =
workstations, however, it would have
still gotten "inside". How can I = redesign my
network to either firewall the
VPN connections or at a = minimum filter them. Thanx for your opinions in advance! Christopher J. Joles Chief Information Officer
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- RE: Security from VPN connections Blom, Casper A SITI-ITDPET (Aug 27)
- <Possible follow-ups>
- Re: Security from VPN connections FreyGuy (Aug 27)
- RE: Security from VPN connections Anstett, Brad (Aug 28)