Security Basics mailing list archives
How secure is VPN access?
From: "Hayden Searle" <hayden.searle () safecom co nz>
Date: Fri, 19 Nov 2004 14:13:31 +1300
Hi,

The way we work here is there is a firewall after the VPN endpoint so we can control the ports the VPN users can access. We do not allow file and print (135, 139, 445 etc) or anything that is not essential. We only allow access to specific hosts on said specific ports. To our knowledge this is the most secure way we can do it to prevent the outbreak of the more prevalent viruses, worms etc on the net.

If your boss is worried about the home PC situation and only the company laptops can connect... well, most home users have xDSL or cable modems for the speed of connectivity etc, or use wireless. Not many ISPs control their systems with tight firewall rules, so once the PC is on the net it can be open to infection or compromise, which is how the things spread in the first place (ISPs take little to no responsibility for stopping net-borne viruses and most are only starting to do email worms/viruses on their mail servers), as well as from the user's home PC as soon as it gets connected to the home network.

You can make remote access highly secure by only allowing certain groups of people access to certain machines, but even with a firewall you can't be 100% secure.

The best way of doing it IMO is to have a VPN endpoint with a firewall inside it, and inside the second firewall have an IDS/IPS system to check the traffic and block anything malicious that sneaks through. Also the company could purchase bulk licenses for antivirus and personal firewalls and supply them to the users who require remote access to help ensure network security.

Well that's my 2c worth anyway :)

Hayden Searle
Network Security Specialist

-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00 () gmail com]
Sent: Thursday, 18 November 2004 5:39 a.m.
To: security-basics () securityfocus com
Subject: How secure is VPN access?

List,

After years of having VPN access for our remote users without a single known security incident, my boss and I have to justify to her boss why VPN is secure.

The CIO wants us to only allow users to access the network from company laptops, not from their own home computers. We currently will allow users to install the VPN client software on their home computers to connect remotely, or they can use Citrix through SSL access to get to network resources. His concern is that if a user's home PC is compromised, that compromise can spread to our network.

Is this a legitimate concern? Can anyone point me in the direction of some documentation backing either argument?

Thanks in advance for any help.

C
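Added example, not part of the original post or thread: a small audit of a rule set for the firewall behind the VPN endpoint, checking it against the policy described in the reply above (default deny, specific hosts on specific ports, no file and print on 135, 139, 445). The rule format, the addresses and the function names are assumptions made for this illustration.

```python
import ipaddress

# Ports the post names as never allowed to VPN users (Windows file and print).
FILE_AND_PRINT = {135, 139, 445}

# Constructed sample policy for the firewall behind the VPN endpoint:
# (action, destination, destination port or None for "any port").
# Addresses are made-up private addresses, not taken from the post.
RULES = [
    ("allow", "10.0.5.10/32", 443),   # intranet web app
    ("allow", "10.0.5.20/32", 3389),  # one terminal server
    ("allow", "10.0.6.0/24", 22),     # whole subnet: too broad
    ("allow", "10.0.5.30/32", 445),   # file share: forbidden port
    ("allow", "10.0.5.40/32", None),  # any port on one host
]
DEFAULT = "deny"


def audit(rules, default):
    """Return findings where the policy departs from 'specific hosts, specific ports'."""
    findings = []
    if default != "deny":
        findings.append("default action is not deny")
    for n, (action, dst, port) in enumerate(rules, 1):
        if action != "allow":
            continue
        net = ipaddress.ip_network(dst)
        if net.num_addresses != 1:
            findings.append(f"rule {n}: {dst} is a network, not a single host")
        if port is None:
            findings.append(f"rule {n}: all ports open to {dst}")
        elif port in FILE_AND_PRINT:
            findings.append(f"rule {n}: file-and-print port {port} allowed")
    return findings


def permits(rules, default, host, port):
    """First-match evaluation of one VPN-user connection attempt."""
    addr = ipaddress.ip_address(host)
    for action, dst, rule_port in rules:
        if addr in ipaddress.ip_network(dst) and rule_port in (None, port):
            return action == "allow"
    return default == "allow"


if __name__ == "__main__":
    for line in audit(RULES, DEFAULT):
        print(line)
```

The any-port rule is the one to watch: it passes the host check but still lets port 139 reach that host, which permits() shows directly.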