Re: pcanywhere encryption

[Randy.Witlicki () valley net (Randy Witlicki)]

  Adam wrote:
> On Fri, Jan 26, 2001 at 06:46:05PM -0500, Randy Witlicki wrote:
> |   Here's my twist to the issue:
> | 
> |   I will contend (IF and ONLY IF the crypto is done right) that
> | it is better to provide a telecommuter with remote access via
> | a PCAnywhere (or VNC) type of connection and not a VPN.
> |   The reason is that you are only trusting one application to go
> | behind the corporate perimeter defense.  A VPN lets *any* application
> | running on the home PC (or perhaps the home LAN for that matter)
> | to be trusted.
>
> Its my understanding that PC Anywhere allows me to control the remote
> PC.  If the app that goes through the perimeter can control a full
> host on the inside, then I fail to see what benefit your distinction
> brings?

  With a VPN, any virus, trojan horse, or other rogue application
could conceivably access any host inside the perimeter.  If only
the data stream of an application like PCanywhere's is allowed
inside, then you raise the security bar a bit higher - the evil
code would have to be aware of the remote control app. in use.
  There are a number of PC viruses out there which attempt to 
scan for open SMB C:\ drive shares - suppose a family member (or
the employee themself) infects their home PC - in this case with
a VPN, when you connect, the virus can infect the corporate
network - this is not the case with the PCanywhere type solution.

  - Randy
 -

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards