Security Basics mailing list archives

Re: Security from VPN connections


From: FreyGuy <freyguy () newsguy com>
Date: Wed, 27 Aug 2003 12:01:22 -0400

Hi Christopher;

Depending on how you have configured your VPN solution...:

Another option, if it fits into your environment, is to actually have the
"Private" or internal VPN interface in a DMZ, also controlled by the PIX
(given that you have more than 3 ports available on your 515).

Then, you can apply access-lists to the traffic coming from and going to the
private VPN concentrator's interface.

In the case of the Blaster worm, you could apply a list to prevent
135/137/139/445 traffic sourced from your VPN's "virtual" subnet.  However,
this might be impractical for you if your remote clients use Windows shares
across the VPN. If they just use email/intranet/etc., however, this might very
well do it, especially for those exploits that utilize Windows networking such
as Blaster.

KevFrey
Project Manager, Infrastructure
freyguy () newsguy com
.     .    .   .  . .. .  .   .    .     .
==========================================
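The filtering KevFrey describes, written out as an added configuration example (not from the original post), in PIX 6.3 access-list syntax. It assumes a constructed layout: the concentrator's private side on a third PIX interface named vpndmz (172.16.1.0/24, concentrator at 172.16.1.2), a VPN client pool of 10.10.10.0/24, and internal mail, web and DNS hosts at 192.168.1.10/.20/.5; it also blocks UDP 138 alongside the ports named above, since NetBIOS datagram traffic rides with them.

```cisco
! Constructed example: the VPN concentrator's "private" interface hangs off a
! third PIX 515 port instead of the inside network, so its traffic can be filtered
nameif ethernet2 vpndmz security50
ip address vpndmz 172.16.1.1 255.255.255.0
! Return path to the client pool goes back through the concentrator
route vpndmz 10.10.10.0 255.255.255.0 172.16.1.2 1

! Drop Windows networking sourced from the VPN client pool; "log" makes an
! infected home PC show up in syslog the moment it connects
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 135 log
access-list vpn_in deny udp 10.10.10.0 255.255.255.0 any eq 137 log
access-list vpn_in deny udp 10.10.10.0 255.255.255.0 any eq 138 log
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 139 log
access-list vpn_in deny tcp 10.10.10.0 255.255.255.0 any eq 445 log

! What the remote users actually need: mail, the intranet web server, DNS
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 25
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 110
access-list vpn_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.20 eq 80
access-list vpn_in permit udp 10.10.10.0 255.255.255.0 host 192.168.1.5 eq 53

! Everything else from the VPN side falls to the implicit deny at the end
access-group vpn_in in interface vpndmz
```

If remote users do need file shares, the deny lines above are exactly what has to be relaxed, which is the trade-off the reply points out.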


On Tue, 26 Aug 2003 11:57:24 -0400, Christopher Joles wrote:
Good Day All!

I'm looking for design advice.

Currently, I have a network that is protected by a Cisco PIX 515 firewall.
We have it configured to protect our internal network along with supplying
access to our DMZ which holds our email and web servers.

My concern arises from the spread of the blaster worm.  Currently we give
a couple employees (the boss, the CFO and myself) VPN access from home.  In
this scenario, the boss's home computer was compromised by the blaster
worm and luckily for me, he was on vacation in Germany at the time.  If he
wasn't, he most assuredly would have made a VPN connection and the lovely
blaster worm would have gotten through our defenses.  Keep in mind, I had
applied the MS patch to our servers and workstations, however, it would
have still gotten "inside".  How can I redesign my network to either
firewall the VPN connections or at a minimum filter them?

Thanx for your opinions in advance!


Christopher J. Joles Chief Information Officer


