Firewall Wizards mailing list archives
Re: VPN & Terminal Server was: VPN for *DSL/CableModem Users
From: "daN." <dan () nesmail com>
Date: Mon, 28 Aug 2000 10:33:04 -0700
Well, that depends :) If you were using NT Dumb terminals then there really wouldn't be much of an issue here (other than you are still accepting connections into your corporate LAN over the Internet)...but by using emulation software it's still possible for someone to break into their machine via some other software on their PC and launch the secure remote client on the user's desktop; it is then quite easy to retrieve NT sign-on data used in the SecurRemote client with a simple keyboard logger on the compromised PC...
mutated.

At 06:10 PM 8/23/00 -0700, Adrian Brinton wrote:
We are looking at using NT Terminal Server as a solution to this. Users connect via DSL/Cable/Dialup or whatever, using the SecurRemote client, and only have access to a terminal server in a DMZ. They can get to the office resources they need, but not directly from home. This way, if a home machine were compromised, there would be no direct path to the corporate network.

Can anyone comment on downsides to this (security-wise, not Terminal Server limitations)?

Adrian Brinton
Network Engineer

-----Original Message-----
From: Michael C. Ibarra [mailto:ibarra () hawk com]
Sent: Thursday, August 17, 2000 2:15 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] VPN for *DSL/CableModem Users

Hello:

I've been asked to perform the horrible task of allowing in remote/home internet connections into a corporate LAN. The firewall/s in question are a FW-1 and IPFilter (separate machines) combo. The pipe decided upon was either DSL or cable modems, based of course on availability. The present method is an isdn/SecureID/dialback method. The present corporate policy allows no inbound traffic from the internet and allows limited outbound connections, mainly http.

My feeling is that users, unable to reach their AOL/Napster/whatever type of services could place a modem into these home PCs, corporate owned but that doesn't matter, making that box an insecure gateway or transfer point for a virus to the corporate network. VPNs IMO would do little to protect a machine which has a greater chance of becoming compromised, besides breaking corporate security policy since all non-VPN connections would probably allow those same services not normally allowed in the office.

My question, and thank you for reading this far, is what VPN software and/or hardware is recommended and what can be done to enforce the present corporate policy (aside from asking users to sign an agreement).

Thank you all,
-mike

The information contained in this message is not necessarily the opinion of Hawk Technologies, Inc.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards