Firewall Wizards mailing list archives
Re: pcanywhere encryption
From: Randy.Witlicki () valley net (Randy Witlicki)
Date: 29 Jan 2001 12:12:40 EST
Adam wrote:
On Fri, Jan 26, 2001 at 06:46:05PM -0500, Randy Witlicki wrote: | Here's my twist to the issue: | | I will contend (IF and ONLY IF the crypto is done right) that | it is better to provide a telecommuter with remote access via | a PCAnywhere (or VNC) type of connection and not a VPN. | The reason is that you are only trusting one application to go | behind the corporate perimeter defense. A VPN lets *any* application | running on the home PC (or perhaps the home LAN for that matter) | to be trusted. Its my understanding that PC Anywhere allows me to control the remote PC. If the app that goes through the perimeter can control a full host on the inside, then I fail to see what benefit your distinction brings?
With a VPN, any virus, trojan horse, or other rogue application could conceivably access any host inside the perimeter. If only the data stream of an application like PCanywhere's is allowed inside, then you raise the security bar a bit higher - the evil code would have to be aware of the remote control app. in use. There are a number of PC viruses out there which attempt to scan for open SMB C:\ drive shares - suppose a family member (or the employee themself) infects their home PC - in this case with a VPN, when you connect, the virus can infect the corporate network - this is not the case with the PCanywhere type solution. - Randy - _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: pcanywhere encryption Henry Sieff (Jan 29)
- <Possible follow-ups>
- RE: pcanywhere encryption Loomis, Rip (Jan 29)
- RE: pcanywhere encryption Ben . Grubin (Jan 29)
- RE: pcanywhere encryption hermit1 (Jan 29)
- Re: pcanywhere encryption Randy Witlicki (Jan 29)
- RE: pcanywhere encryption Hackett, James (Jan 30)