Security Basics mailing list archives
Re: Security from VPN connections
From: FreyGuy <freyguy () newsguy com>
Date: Wed, 27 Aug 2003 12:01:22 -0400
Hi Christopher,

Depending on how you have configured your VPN solution: another option, if it fits into your environment, is to actually have the "Private" or internal VPN interface in a DMZ, also controlled by the PIX (given that you have more than 3 ports available on your 515). Then, you can apply access-lists to the traffic coming from and going to the private VPN concentrator's interface. In the case of the Blaster worm, you could apply a list to prevent 135/137/139/445 traffic sourced from your VPN's "virtual" subnet. However, this might be impractical for you if your remote clients use Windows shares across the VPN. If they just use email/intranet/etc., however, this might very well do it, especially for those exploits that utilize Windows networking such as Blaster.

Kev Frey
Project Manager, Infrastructure
freyguy () newsguy com

On Tue, 26 Aug 2003 11:57:24 -0400, Christopher Joles wrote:

Good Day All!

I'm looking for design advice. Currently, I have a network that is protected by a Cisco PIX 515 firewall. We have it configured to protect our internal network along with supplying access to our DMZ which holds our email and web servers.

My concern arises from the spread of the blaster worm. Currently we give a couple employees (the boss, the CFO and myself) VPN access from home. In this scenario, the boss's home computer was compromised by the blaster worm and luckily for me, he was on vacation in Germany at the time. If he wasn't, he most assuredly would have made a VPN connection and the lovely blaster worm would have gotten through our defenses. Keep in mind, I had applied the MS patch to our servers and workstations, however, it would have still gotten "inside". How can I redesign my network to either firewall the VPN connections or at a minimum filter them.

Thanx for your opinions in advance!

Christopher J. Joles
Chief Information Officer
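The filtering Kev describes, written out as an added PIX 6.x configuration example (not taken from the thread). It assumes the concentrator's private interface sits on a fourth PIX port named vpndmz, that the VPN client address pool is 10.10.10.0/24, and that the inside network is 192.168.1.0/24; the `log` keyword on the deny lines assumes PIX 6.3 or later.

```cisco
! Added example: dedicated DMZ port for the VPN concentrator's private side
! (assumes a 515 with a fourth port; names and addresses are made up)
nameif ethernet3 vpndmz security50
ip address vpndmz 172.16.50.1 255.255.255.0

! Allow the inside network to reach the VPN client pool for return traffic
static (inside,vpndmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0

! ACL applied to traffic arriving from the VPN client pool.
! Deny the Windows networking ports the post lists first, so that
! a Blaster-infected remote host cannot reach 135/139/445 (TCP)
! or 137 (UDP) on the inside.  "log" records denied hits so you can
! spot an infected client from the syslog instead of from the inside.
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 135 log
access-list vpn_in deny udp 10.10.10.0 255.255.255.0 any eq 135 log
access-list vpn_in deny udp 10.10.10.0 255.255.255.0 any eq 137 log
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 139 log
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 445 log

! Then permit only what the remote users actually need: mail and intranet
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 25
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 110
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.20 eq 80
! Everything else from the pool is dropped by the implicit deny at the end.

access-group vpn_in in interface vpndmz
```

If remote users genuinely need file shares, replace the blanket 139/445 denies with permits to the specific file server only; the deny lines still protect every other inside host.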