Firewall Wizards mailing list archives
RE: VPN for *DSL/CableModem Users
From: Patrick Darden <darden () armc org>
Date: Mon, 21 Aug 2000 09:34:49 -0400 (EDT)
Mike,

Nortel's Contivity Extranet Switch is cheap, fast, and rock solid. The software client is a good neighbor on Windows machines. Most of all, when a VPN is up, no internet traffic is allowed--only traffic inside that pipe is allowed. A good beginning to a very secure solution.

We use it with NIS 2000 for non-VPN security vs. trojans, hacks, and viruses. All of our VPNs are IPSEC with 3DES encryption and MD5 header integrity checking via cable modems, DSL, ISDN, or T1+. We're very happy so far.

Sincerely,

--Patrick Darden, Internetworking Manager
706.354.3312, darden () armc org
Athens Regional Medical Center

-----Original Message-----
From: Michael C. Ibarra [mailto:ibarra () hawk com]
Sent: Thursday, August 17, 2000 5:15 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] VPN for *DSL/CableModem Users

Hello:

I've been asked to perform the horrible task of allowing in remote/home internet connections into a corporate LAN. The firewall/s in question are a FW-1 and IPFilter (separate machines) combo. The pipe decided upon was either DSL or cable modems, based of course on availability. The present method is an ISDN/SecureID/dialback method. The present corporate policy allows no inbound traffic from the internet and allows limited outbound connections, mainly http.

My feeling is that users, unable to reach their AOL/Napster/whatever type of services could place a modem into these home PCs, corporate owned but that doesn't matter, making that box an insecure gateway or transfer point for a virus to the corporate network. VPNs IMO would do little to protect a machine which has a greater chance of becoming compromised, besides breaking corporate security policy since all non-VPN connections would probably allow those same services not normally allowed in the office.

My question, and thank you for reading this far, is what VPN software and/or hardware is recommended and what can be done to enforce the present corporate policy (aside from asking users to sign an agreement).

Thank you all,
-mike

The information contained in this message is not necessarily the opinion of Hawk Technologies, Inc.