Firewall Wizards mailing list archives
VPN & Terminal Server was: VPN for *DSL/CableModem Users
From: "Adrian Brinton" <adrian () brinton to>
Date: Wed, 23 Aug 2000 18:10:45 -0700
We are looking at using NT Terminal Server as a solution to this. Users connect via DSL/Cable/Dialup or whatever, using the SecuRemote client, and only have access to a terminal server in a DMZ. They can get to the office resources they need, but not directly from home. This way, if a home machine were compromised, there would be no direct path to the corporate network.

Can anyone comment on downsides to this (security-wise, not Terminal Server limitations)?

Adrian Brinton
Network Engineer

-----Original Message-----
From: Michael C. Ibarra [mailto:ibarra () hawk com]
Sent: Thursday, August 17, 2000 2:15 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] VPN for *DSL/CableModem Users

Hello:

I've been asked to perform the horrible task of allowing in remote/home internet connections into a corporate LAN. The firewall/s in question are a FW-1 and IPFilter (separate machines) combo. The pipe decided upon was either DSL or cable modems, based of course on availability. The present method is an ISDN/SecurID/dialback method. The present corporate policy allows no inbound traffic from the internet and allows limited outbound connections, mainly http.

My feeling is that users, unable to reach their AOL/Napster/whatever type of services, could place a modem into these home PCs, corporate owned but that doesn't matter, making that box an insecure gateway or transfer point for a virus to the corporate network. VPNs IMO would do little to protect a machine which has a greater chance of becoming compromised, besides breaking corporate security policy since all non-VPN connections would probably allow those same services not normally allowed in the office.

My question, and thank you for reading this far, is what VPN software and/or hardware is recommended and what can be done to enforce the present corporate policy (aside from asking users to sign an agreement).
Thank you all,
-mike

The information contained in this message is not necessarily the opinion of Hawk Technologies, Inc.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards