Firewall Wizards mailing list archives
RE: risk level associated with VPNs?
From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Mon, 7 Feb 2005 10:26:58 -0500
Most companies got hit with the SQL Slammer worm in this manner. (http://www.cs.berkeley.edu/~nweaver/sapphire/)

Employees (developers) running unpatched SQL Server got hit when they connected their laptops to the Internet from home. They activated their VPN to connect to get to work. BLAM! Company machines get hit.

What was interesting was most companies knew about having unpatched machines in the internal networks but never got the courage to shut them down. After learning the hard way, now companies are getting smarter and shutting down internal ports if they detect via a network scan that you have unpatched software.

The problem with big companies is that it's hard to notify the owner when they shut off the internal network port, as the asset tracking systems are not good and they don't know the human owner at the end of an internal company jack. So the developer just plugs into another live jack and the cycle is never ending. I think universities are better at this problem as they require a username to every MAC address. Maybe we might see the day of 801.X auth for desktop machines someday.

On another note, anyone have ideas on best ways to handle firewall/ACL rule mgmt? I don't see people setting up feedback loops, where based on allow/deny stats people would remove unused ACLs from the network device. The argument is, some ACLs are only used in DR/Failover so we don't see stats. My counter argument has been you better do a DR/Failover test every month else you have no clue on whether DR will even work ;-)

People don't clean up ACLs until their system performance starts to go down. Oh Why? Oh Why?

Ashish Desai (Logmaster)

-----Original Message-----
From: Avishai Wool [mailto:avishai_w () yahoo com]
Sent: Thursday, February 03, 2005 5:55 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] risk level associated with VPNs?

......deleted....

Thoughts anyone? Any credible war stories about malware/abuse traveling over VPNs?
Or are the customers right and I'm being paranoid? (please don't respond that "the customer is always right" :-)

Thanks,
Avishai

=====
Avishai Wool, Ph.D., http://www.algosec.com
http://www.eng.tau.ac.il/~yash yash () acm org
Tel: +972-3-640-6316 Fax: +972-3-640-7095

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
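An added example, not part of the original post: one way to build the ACL feedback loop the message asks about, where rules with no hits over a review window become removal candidates and DR-only rules are excused only if no DR/failover test ran in that window. The rule names, counter values, dates and the DR tag set are constructed for illustration.

```python
from datetime import date

# Constructed sample data: per-rule hit counters from successive device polls.
SNAPSHOTS = [
    (date(2005, 1, 3),  {"web-in": 1200, "old-ftp": 40, "dr-repl": 0, "legacy-db": 7}),
    (date(2005, 1, 17), {"web-in": 5100, "old-ftp": 40, "dr-repl": 0, "legacy-db": 7}),
    (date(2005, 2, 7),  {"web-in": 9800, "old-ftp": 40, "dr-repl": 0, "legacy-db": 9}),
]
DR_RULES = {"dr-repl"}  # hypothetical tag: rules expected to match only during DR/failover


def hits_in_window(counts):
    """Sum hits between consecutive polls; a lower value means the counter was reset."""
    total = 0
    for prev, cur in zip(counts, counts[1:]):
        total += cur - prev if cur >= prev else cur
    return total


def review_rules(snapshots, dr_rules, dr_tests=()):
    """Return {rule: verdict} for the window spanned by the snapshots.

    'in-use'            the rule matched traffic during the window
    'remove-candidate'  no hits, and either not a DR rule or a DR test ran in the window
    'untested-dr'       DR rule with no hits and no DR test to exercise it
    """
    snapshots = sorted(snapshots, key=lambda s: s[0])
    start, end = snapshots[0][0], snapshots[-1][0]
    dr_tested = any(start <= d <= end for d in dr_tests)
    rules = set().union(*(counters for _, counters in snapshots))
    verdicts = {}
    for rule in sorted(rules):
        counts = [counters.get(rule, 0) for _, counters in snapshots]
        if hits_in_window(counts) > 0:
            verdicts[rule] = "in-use"
        elif rule in dr_rules and not dr_tested:
            verdicts[rule] = "untested-dr"
        else:
            verdicts[rule] = "remove-candidate"
    return verdicts


if __name__ == "__main__":
    for rule, verdict in review_rules(SNAPSHOTS, DR_RULES).items():
        print(f"{rule:10s} {verdict}")
```

A rule that stays `untested-dr` across several review windows is a sign that the DR test itself is overdue, not that the rule is needed.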