Firewall Wizards mailing list archives

Re: Placement of a VPN Appliance


From: Jeffery.Gieser () minnesotamutual com
Date: Fri, 5 Jan 2001 14:31:14 -0600


Ron,

#I get confused at this point.  As long as the VPN traffic is allowed into
#your network, no matter the endpoint, in front of or behind the FW, of the
#device, are you not at the same risk?

If the VPN's internal NIC is on your internal network, as soon as you can
compromise the VPN, then you can do anything you want on the internal
network.  If the VPN's internal NIC is on a DMZ of the firewall, as soon as
you compromise the VPN, then you can do anything that the firewall allows
you to do on the internal network.  The difference is in what the firewall
allows you to do.  This is where you have to be careful and make sure you
don't turn your firewall into Swiss cheese by allowing everything in.  This
is also why I prefer to allow employees directly into the internal network
and 3rd parties into a DMZ.  The access a 3rd party gets is a lot more
limited than the access an employee gets.

Regards,
Jeffery Gieser
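
The comparison made in the message above, as an added example that is not part of the original post: a small model of what a compromised VPN appliance can reach under each placement, and a check for a DMZ rule set so permissive that the firewall no longer limits anything. All addresses, ports, rule sets and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory of internal services (illustrative addresses/ports).
INTERNAL = [
    ("10.0.1.10", 443),   # intranet web server
    ("10.0.1.20", 1433),  # database
    ("10.0.2.30", 22),    # admin host
    ("10.0.2.40", 445),   # file server
]

# Constructed firewall rules for traffic from the VPN's DMZ leg to the inside:
# (destination network, destination port or None meaning any port).
TIGHT_RULES = [("10.0.1.10/32", 443)]   # limited third-party access
LOOSE_RULES = [("10.0.0.0/16", None)]   # "Swiss cheese": everything allowed in


def permitted(rules, ip, port):
    """True if any firewall rule lets the DMZ reach ip:port."""
    return any(
        ip_address(ip) in ip_network(net) and rule_port in (None, port)
        for net, rule_port in rules
    )


def reachable(placement, rules=()):
    """Services reachable by someone who controls the VPN appliance."""
    if placement == "internal":
        # Inside NIC is on the internal network: no firewall in the path.
        return set(INTERNAL)
    if placement == "dmz":
        # Inside NIC is on a firewall DMZ: only what the rules permit.
        return {(ip, port) for ip, port in INTERNAL if permitted(rules, ip, port)}
    raise ValueError(f"unknown placement: {placement}")


def dmz_buys_nothing(rules):
    """True when the DMZ rule set exposes as much as the internal placement."""
    return reachable("dmz", rules) == reachable("internal")


if __name__ == "__main__":
    for name, rules in (("tight", TIGHT_RULES), ("loose", LOOSE_RULES)):
        exposed = sorted(reachable("dmz", rules))
        print(f"dmz/{name}: {len(exposed)} of {len(INTERNAL)} services exposed,"
              f" no better than internal placement: {dmz_buys_nothing(rules)}")
```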

