Firewall Wizards mailing list archives
Re: Application requires VPN - How are these handled?
From: Mike Scher <mscher () neohapsis com>
Date: Wed, 2 Apr 2003 10:45:19 -0600 (CST)
On Wed, 2 Apr 2003, Mikael Olsson wrote:

> And, yes, I can see why $bigco would want to put in a clause saying "put wireless units on your LAN and we'll sue/cut the connection". I'm all for it :)

Well, good, but again, at a large company the asking vendor is just one among dozens of vendors asking for similar access. Will the vendor agree to carry $10M in E&O insurance, list $bigco as a beneficiary, and agree to indemnify them against all costs associated with a security breach on vendor's end via which $bigco is harmed?

I've negotiated a number of these working with $bigcos -- and it was almost always $another_bigco that wanted the ACL-free lan-to-lan connection under their control. The $another_bigco was always "sure" their security was good. They usually said, "You can trust us!" When it came to brass tacks and we said, "if it's so good, you won't mind agreeing to indemnify us and showing us proof of insurance with $bigco as a named 3rd party beneficiary," they usually balked and agreed to our alternative.

That said, a lan-to-lan connect terminating in a 'vendor landing zone' with access controls, select application proxies, and monitoring made a lot more sense for us back then; it has continued to make sense for every large client we have. It puts the monitoring of all these various and sundry pipes in one place, under one audit chain. The alternative is *dozens* of lan-to-lan holes in the firewall going straight to the corporate core.

-M

--
Michael Brian Scher | Director, Neohapsis Labs
mscher () neohapsis com | General Counsel
Fax: 773-394-8314 | Vox: 773-394-8310

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards