Security Basics mailing list archives
Re: How safe is a VPN connexion from within an internal network?
From: David Jacoby <dj () outpost24 com>
Date: Tue, 21 Nov 2006 11:41:07 +0100
Hi Pierre!

I've noticed that a lot of people who use a VPN connection to access, for example, the internal network at their office or other DMZ zones do not take into consideration that once the VPN connection is established, everyone who has access to the client machine can also access the remote network.

What I mean is that, let's say you are using a VPN connection to access some computers on a remote network and your machine gets compromised via a vulnerability in Internet Explorer or another client-based vulnerability, the recent WinZip vulnerability for example. The attacker gets a shell on your machine; this will result in the attacker being able to access the same networks as you can, because he is on an "authenticated" computer.

There are a few solutions for this. I've seen some VPN clients that disconnect the client machine from the Internet once the VPN connection is established; this will prevent the attacker from keeping his connection, because the client machine only allows connections to be sent to the remote network via the VPN client; no other connections are allowed.

But you need to take that into consideration; the client machine also needs to be "secure" before it should be able to connect to any private network.

Best regards,
David Jacoby

PIERRE.DUFRESNE () MESS GOUV QC CA wrote:
Hi all!

I have been asked to install a VPN client on a workstation inside our network that would access another network through our firewall. Besides the technical details of allowing IPSec traffic through a NATed device, I was wondering how safe this practice is. Is it done often?

Once the connection is established, can a host on the external network access the workstation inside my network, i.e. initiate a connection?

Should I rather go with a "site to site" VPN connection?

Thanks for your time,
Pierre

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com
phone: +46-(0)455-612311
fax  : +46-(0)455-13960
email: dj () outpost24 com