Re: Level3 routing issues?

["Christopher L. Morrow" <chris () UU NET>]

On Mon, 27 Jan 2003, Scott Granados wrote:

> Alex, although technically correct, its not practical.  How many end users
> vpn in from home from say a public ip on their dsl modem leaving
> themselves open to attack but now also having this connection back to the
> "Secure" inside network.  Has anyone heard of any confirmed cases of this
> yet?

I hate to blow a vendor's horn, BUT... checkpoint has atleast thought this
through with SecureClient. There is the ability to push down on the vpn
client a local security policy that SHOULD allow you to enforce corporate
network security policy on the remote system.

> On Mon, 27 Jan 2003 alex () yuriev com wrote:
>
> > > > Note that in the case of a worm, a VPN could work against you.  If you
> > > > have all the right filters in place at your "perimeter" and yet let
> > > > your employees in through a VPN solution of some sort, you could still
> > > > be screwed if one of their home systems gets infected somehow.
> > >
> > > So what you're saying is that a really good worm could infiltrate any secure
> > > network by targetting those who vpn from exterior sources, collect data, and
> > > then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose?
> >
> > This is not correct. VPN simply extends security policy to a different
> > location. A VPN user must make sure that local security policy prevents
> > other traffic from entering VPN connection.
> >
> > Alex