Security Basics mailing list archives
RE: How secure is VPN access?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 18 Nov 2004 08:31:15 -0800
Yes, it's legitimate. Many companies terminate their VPNs directly on the internal network. A better practice is to terminate in a DMZ, so that traffic between VPN clients and the secured network is filtered through a firewall and/or IDS.

Some VPNs can be configured to allow "split tunnelling", where the remote client only uses the tunnel for traffic to/from the secured network, and doesn't use the tunnel for other Internet traffic. Although this makes efficient use of bandwidth, it opens up the possibility that a VPN client machine, if compromised, could act as a proxy gateway between the two, bypassing your other perimeter security measures. Split tunnelling, if available, should be turned off.

Several recent VPN offerings have begun including facilities to verify up-to-date antivirus and other security configuration on remote clients before allowing connection. I think that this is a good way to address your CIO's concerns while continuing to provide access for your users.

David Gillett
-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00 () gmail com]
Sent: Wednesday, November 17, 2004 8:39 AM
To: security-basics () securityfocus com
Subject: How secure is VPN access?

List,

After years of having VPN access for our remote users without a single known security incident, my boss and I have to justify to her boss why VPN is secure. The CIO wants us to only allow users to access the network from company laptops, not from their own home computers.

We currently will allow users to install the VPN client software on their home computers to connect remotely, or they can use Citrix through SSL access to get to network resources. His concern is that if a user's home PC is compromised, that compromise can spread to our network.

Is this a legitimate concern? Can anyone point me in the direction of some documentation backing either argument?

Thanks in advance for any help.

C
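
Added example, not part of either poster's message: one way to audit a client for the split tunnelling described in the reply above is to do a longest-prefix lookup in its routing table and see whether Internet destinations leave outside the tunnel. The interface name tun0, the sample tables and the probe addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed `ip route show` output from two VPN clients (not real hosts).
SPLIT = """\
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Full tunnel: two /1 routes override the default; only the host route
# to the VPN gateway itself (203.0.113.10) stays on the physical NIC.
FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
203.0.113.10 via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Internet addresses used only for table lookups; no packets are sent.
PROBES = ("8.8.8.8", "198.51.100.7")

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route show` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a prefix (e.g. a route-type keyword)
        routes.append((net, f[f.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: which interface carries traffic to addr?"""
    ip = ipaddress.ip_address(addr)
    matches = [(n.prefixlen, d) for n, d in routes if ip in n]
    return max(matches)[1] if matches else None

def bypasses_tunnel(text, tunnel_dev="tun0", probes=PROBES):
    """Return the probe addresses that would leave outside the tunnel."""
    routes = parse_routes(text)
    return [p for p in probes if egress_dev(routes, p) != tunnel_dev]

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, bypasses_tunnel(table) or "all Internet traffic uses tunnel")
```

An empty result means every probed Internet destination is routed into the tunnel; any address returned is a path that skips the perimeter filtering the reply describes.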