Security Basics mailing list archives
RE: SSL VPN's from LAN to WAN
From: "Serge Vondandamo" <serge.vondandamo () orange fr>
Date: Wed, 12 Dec 2007 23:19:14 +0100
1. Isolate their desktops in a separate vlan and redirect all vpn traffic originating from their subnet to a honeypot or some kind of monitoring system so you can try to understand what they are doing. 2. You are not overacting!!! You are simply doing your job. Cheers, Serge Vondandamo, CISSP -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de fac51 Envoyé : mardi 11 décembre 2007 11:09 À : security-basics () securityfocus com Objet : SSL VPN's from LAN to WAN Hi All, I would like some advice on a situation that is new to me. I have just discovered that some contractors that are on our corporate LAN have managed to install (Half Install) VPN Clients that allow them to connect directly back to their LAN (RDP'ing into their Desktops etc.) The desktops they are using here are locked down but still allow some VPN functionality. The VPN connects over 443 out of our network then to their Firewall as concentrator. Implications that I can think of are; 1. All traffic to and from us is encrypted and therefore we cannot monitor. 2. They can see network drives and could be stealing info. (although they don't have much access) 3. Any infections at their site could propogate to us (that could happen anyway I suppose via email) My first reaction is one of horror but am I over reacting? If my worst fears are confirmed I will need to block them. To do this I was thinking of blocking all traffic to and from their firewall however apparently some access to remote services is required by other staff. Help!?!? kind regards, S ____________________________________________________________________________ ________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Current thread:
- SSL VPN's from LAN to WAN fac51 (Dec 12)
- RE: SSL VPN's from LAN to WAN Yahsodhan Deshpande (Dec 12)
- Re: SSL VPN's from LAN to WAN Tremaine Lea (Dec 12)
- RE: SSL VPN's from LAN to WAN Serge Vondandamo (Dec 12)
- RE: SSL VPN's from LAN to WAN Bill Lavalette (Dec 13)