Re: Home users with VPN connections

[camthompson <camthompson () shaw ca>]

Jonathan Grotegut wrote:

> Forgive me if this seems trivial or "newbieish" but I am new to 
>
> the "Security" end of computing.
>
>
>
> With the new CERT Advisory CA-2003-08.  I got me to thinking "What are 
>
> others policies, procedures, and requirements for home users connecting 
>
> via VPN to a corporate network?"
>
>
>
> When a person connects a VPN connection from their home to the office, 
>
> they can very easily have a Trojan or a virus.  This would allow for easy 
>
> infection or access to the corporate network.
>
>
>
> What are what are your thoughts on policies, procedures, requirements for  
>
> VPN users connecting to the corporate network as far as Password 
>
> requirements, Personal Firewalls, Virus Software, Etc.?
>
>
>
> Thanks in advance for your sugestions.  By the way our clients vary.  Our 
>
> clients are all in different professions, meaning we have everything from 
>
> health care providers to mortgage companies to printing companies.
>
>
>
> Jonathan Grotegut
>
> DirectPointe
>
>  
Any Internetwork should have equal security at all access points to the 
internet.

I guess that means you (or whoever wantsa vpn connection the the 
corporate network) should have just as good security measures as the 
networks you are connecting to.
What if the corporation has a PIX or some other expensive firewall 
equipment?  Then you should have sime kind of hardware firewall, maybe a 
linux gateway running iptables. Then a software firewall on the 
workstation with a good virus scanner to keep trojans and such off that 
machine.

Cam