Firewall Wizards mailing list archives

Re: worm + VPN + firewall


From: Paul Robertson <proberts () patriot net>
Date: Mon, 18 Aug 2003 07:11:43 -0400 (EDT)

On Sat, 16 Aug 2003, Carric Dooley wrote:

> I agree that the VPN segment should be DMZ'd, but typically those users
> have access to NetBIOS so they can map shares, etc. If you didn't patch,
> you are hosed on this one. Lots of people didn't learn from Nimda.

But they normally only really need to map shares on a handful of servers, 
so firewalls can still be effective.

Let's face it- VPNs should be more restricted than internal users for 
most, if not all implementations.  Other than "single computer, owned by 
the organization, administered by the organization, without anything 
personal on it"- VPNs raise significant issues when it comes to trust, 
administration, ownership, multihoming, etc.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
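
An added example, not part of Paul Robertson's message or the list archive: one way to express "map shares on a handful of servers" as firewall policy for a DMZ'd VPN segment. It assumes a Linux iptables gateway between the VPN segment and the internal network; the VPN pool 10.8.0.0/24, the file servers 192.0.2.10 and 192.0.2.11, and the function and chain names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a gateway that sits
# between a DMZ'd VPN segment and the internal network.
# All addresses are constructed; Linux/iptables is an assumption.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_smb_rules VPN_NET SERVER...: emit rules that let VPN clients reach
# NetBIOS/SMB on the listed file servers only. VPN_NET is passed through
# unvalidated; every SERVER must be a literal IPv4 address.
vpn_smb_rules() {
    [ "$#" -ge 2 ] || { echo "usage: vpn_smb_rules VPN_NET SERVER..." >&2; return 1; }
    vpn_net=$1; shift
    for srv in "$@"; do
        is_ipv4 "$srv" || { echo "bad server address: $srv" >&2; return 1; }
    done
    echo "iptables -N VPN_IN"
    # Replies to sessions that were already permitted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Everything sourced from the VPN pool is judged by the VPN_IN chain.
    echo "iptables -A FORWARD -s $vpn_net -j VPN_IN"
    for srv in "$@"; do
        echo "iptables -A VPN_IN -d $srv -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A VPN_IN -d $srv -p udp -m multiport --dports 137,138 -j ACCEPT"
    done
    # Anything else from the VPN segment is logged, then dropped.
    echo "iptables -A VPN_IN -j LOG --log-prefix 'vpn-drop: '"
    echo "iptables -A VPN_IN -j DROP"
}

# Constructed sample invocation: one VPN pool, two file servers.
vpn_smb_rules 10.8.0.0/24 192.0.2.10 192.0.2.11
```

The function only prints the rules; anything VPN users need beyond file shares would get its own per-server ACCEPT ahead of the final LOG and DROP.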

