Firewall Wizards mailing list archives

RE: VPN for *DSL/CableModem Users


From: Patrick Darden <darden () armc org>
Date: Mon, 21 Aug 2000 09:34:49 -0400 (EDT)


Mike,

Nortel's Contivity Extranet Switch is cheap, fast, and rock solid.  The
software client is a good neighbor on Windows machines.  Most of all, when
a VPN is up, no internet traffic is allowed--only traffic inside that pipe
is allowed.  A good beginning to a very secure solution.  We use it with
NIS 2000 for non-VPN security vs. trojans, hacks, and viruses.

All of our VPNs are IPSEC with 3DES encryption and MD5 header integrity
checking via cable modems, DSL, ISDN, or T1+.  We're very happy so far.


Sincerely,

-- 
--
--Patrick Darden                Internetworking Manager             
--                              706.354.3312    darden () armc org
--                              Athens Regional Medical Center

-----Original Message-----
From: Michael C. Ibarra [mailto:ibarra () hawk com]
Sent: Thursday, August 17, 2000 5:15 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] VPN for *DSL/CableModem Users


Hello:

 I've been asked to perform the horrible task of allowing
 in remote/home internet connections into a corporate LAN.
 The firewall/s in question are a FW-1 and IPFilter (separate 
 machines) combo. The pipe decided upon was either DSL or 
 cable modems, based of course on availability. The present
 method is an ISDN/SecurID/dialback method. The present
 corporate policy allows no inbound traffic from the internet
 and allows limited outbound connections, mainly http.
 My feeling is that users, unable to reach their AOL/Napster/
 whatever type of services could place a modem into these home
 PC's, corporate owned but that doesn't matter, making that
 box an insecure gateway or transfer point for a virus to the
 corporate network. VPN's IMO would do little to protect a 
 machine which has a greater chance of becoming compromised,
 besides breaking corporate security policy since all non-VPN
 connections would probably allow those same services not 
 normally allowed in the office. My question, and thank you
 for reading this far, is what VPN software and/or hardware
 is recommended and what can be done to enforce the present
 corporate policy (aside from asking users to sign an agreement).

Thank you all,

-mike


      
        The information contained in this message 
         is not necessarily the opinion of Hawk 
                 Technologies, Inc.

