Security Basics mailing list archives
RE: VPN's - Firewall's and Security
From: "Larry Thompson" <lthompson999 () comcast net>
Date: Tue, 26 Aug 2003 20:26:30 -0400
Sounds like you are terminating the VPN at your PIX F/W. This is not good practice. You should terminate the VPN in a separate DMZ for VPN only and then have the F/W apply the normal filters. If this is not possible, apply the filter rules on the same interface as the crypto map to block port 135 outbound as well as the ICMP "nichi" problem (looks like a smurf attack).

Larry Thompson, CISSP, GSEC
Encryption Manager

-----Original Message-----
From: Christopher Joles [mailto:CJoles () proteabhs com]
Sent: Tuesday, August 26, 2003 11:09 AM
To: security-basics () securityfocus com
Subject: VPN's - Firewall's and Security

Good Day All!

I'm looking for design advice. Currently, I have a network that is protected by a Cisco PIX 515 firewall. We have it configured to protect our internal network along with supplying access to our DMZ which holds our email and web servers.

My concern arises from the spread of the blaster worm. Currently we give a couple employees (the boss, the CFO and myself) VPN access from home. In this scenario, the boss's home computer was compromised by the blaster worm and luckily for me, he was on vacation in Germany at the time. If he wasn't, he most assuredly would have made a VPN connection and the lovely blaster worm would have gotten through our defenses. Keep in mind, I had applied the MS patch to our servers and workstations, however, it would have still gotten "inside". How can I redesign my network to either firewall the VPN connections or at a minimum filter them?

Thanx for your opinions in advance!

Christopher J. Joles
Chief Information Officer
PROTEA Behavioral Health Services
187 Exchange St.
Bangor, ME 04401
Phone: (207)992-7010 Ext: 245
Fax: (207)992-7011

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6. Visit us: www.blackhat.com
----------------------------------------------------------------------------
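What Larry's two options look like as PIX 6.x configuration, added here as an illustration; nothing below was posted in the thread. The `ethernet2` slot, the `vpn_dmz` interface name, the 192.168.50.0/24 VPN DMZ, the 192.168.60.0/24 remote-client pool and the inside host addresses are all assumed placeholders; only the PIX 515 itself, TCP 135 and the ICMP filtering come from the messages above.

```cisco
: Option A (what Larry recommends): the VPN terminates on a concentrator in a
: VPN-only DMZ, so decrypted client traffic enters the PIX on its own interface
: and is filtered like any other DMZ. Interface, slot and addresses are assumed.
nameif ethernet2 vpn_dmz security50
ip address vpn_dmz 192.168.50.1 255.255.255.0
access-list vpn_dmz_in remark block the RPC port Blaster spreads on, regardless of destination
access-list vpn_dmz_in deny tcp any any eq 135
access-list vpn_dmz_in remark no ICMP echo from remote clients toward inside hosts (smurf-style floods)
access-list vpn_dmz_in deny icmp any any echo
access-list vpn_dmz_in remark permit only the applications the remote users actually need (host assumed)
access-list vpn_dmz_in permit tcp any host 10.1.1.20 eq 443
access-list vpn_dmz_in permit tcp any host 10.1.1.25 eq smtp
access-list vpn_dmz_in deny ip any any
access-group vpn_dmz_in in interface vpn_dmz

: Option B (Larry's fallback): the VPN terminates on the PIX itself, so the
: filter has to sit on the interface that carries the crypto map (outside).
: If "sysopt connection permit-ipsec" is configured, decrypted IPsec traffic
: bypasses interface access-lists entirely; remove it or the ACL filters nothing.
no sysopt connection permit-ipsec
access-list outside_in remark same hygiene, scoped to the remote-access client pool (pool assumed)
access-list outside_in deny tcp 192.168.60.0 255.255.255.0 any eq 135
access-list outside_in deny icmp 192.168.60.0 255.255.255.0 any echo
access-list outside_in permit tcp 192.168.60.0 255.255.255.0 host 10.1.1.20 eq 443
access-list outside_in permit tcp 192.168.60.0 255.255.255.0 host 10.1.1.25 eq smtp
access-list outside_in deny ip 192.168.60.0 255.255.255.0 any
access-group outside_in in interface outside
```

The check worth doing after either change is `show access-list`: the hit counters on the `deny tcp ... eq 135` line are the quickest way to confirm that tunnel traffic is really passing through the ACL rather than around it, and a remote client that has picked up the worm shows up there as a climbing counter before it shows up anywhere inside.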
Current thread:
- VPN's - Firewall's and Security Christopher Joles (Aug 26)
- RE: VPN's - Firewall's and Security David Gillett (Aug 26)
- RE: VPN's - Firewall's and Security Larry Thompson (Aug 27)
- <Possible follow-ups>
- RE: VPN's - Firewall's and Security Christopher Joles (Aug 26)
- RE: VPN's - Firewall's and Security Halverson, Chris (Aug 26)
- RE: VPN's - Firewall's and Security Halverson, Chris (Aug 26)
- RE: VPN's - Firewall's and Security Christopher Joles (Aug 26)
- RE: VPN's - Firewall's and Security David Gillett (Aug 26)
- Looking for security resources for SCO open server Ramneek Puri (Aug 27)
- RE: VPN's - Firewall's and Security HOULE, FRANCIS (Aug 27)
- RE: VPN's - Firewall's and Security David Gillett (Aug 26)