Security Basics mailing list archives

RE: Security from VPN connections

From: "Blom, Casper A SITI-ITDPET" <Casper.Blom () Shell com>
Date: Wed, 27 Aug 2003 11:44:29 +0200

I would consider the following securityfocus article describing tarpits:
http://www.securityfocus.com/infocus/1723 
I find it a very good starting point to gain time to better get countermeasures in with such attacks.

Casper Blom
Network security
SSCplus



-----Original Message-----
From: Christopher Joles [mailto:CJoles () proteabhs com]
Sent: Tuesday, August 26, 2003 5:57 PM
To: Security-basics () securityfocus com
Cc: Firewalls () securityfocus com
Subject: Security from VPN connections


Good Day All!

I'm looking for design advice.

Currently, I have a network that is protected by a Cisco PIX 515 =
firewall.  We have it configured to protect our internal network along =
with supplying access to our DMZ which holds our email and web servers.

My concern arises from the spread of the blaster worm.  Currently we =
give a couple employees (the boss, the CFO and myself) VPN access from =
home.  In this scenario, the bosses home computer was compromised by the
= blaster worm and luckily for me, he was on vacation in Germany at the
= time.  If he wasn't, he most assuridly would have made a VPN
connection = and the lovely blaster worm would have gotten through our
defenses.  = Keep in mind, I had applied the MS patch to our servers and
= workstations, however, it would have still gotten "inside".  How can I
= redesign my network to either firewall the VPN connections or at a =
minimum filter them.

Thanx for your opinions in advance!


Christopher J. Joles
Chief Information Officer

PROTEA Behavioral Health Services
187 Exchange St.
Bangor, ME 04401
Phone: (207)992-7010 Ext: 245  Fax:(207)992-7011



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

RE: Security from VPN connections Blom, Casper A SITI-ITDPET (Aug 27)
- <Possible follow-ups>
- Re: Security from VPN connections FreyGuy (Aug 27)
- RE: Security from VPN connections Anstett, Brad (Aug 28)