Security Basics mailing list archives
Re: VPN Access for Consultants
From: Mike Bowler <mbowler () GargoyleSoftware com>
Date: Thu, 20 Nov 2003 13:45:39 -0500
I consult on software development not security, so apply as much skeptism as you feel appropriate ;-)
> We have several consultants working for my company and they have > requested that I allow vpn access through our firewall to their > company. They want to be able to access their network and our network > at the same time (tunnel).As a consultant, I would not expect any company to allow me to set up a VPN between their network and my own. I *would* think it reasonable to allow an SSH connection outwards from your network but even this would be considered on a case by case basis.
Even though both are exposing holes in the firewall, VPN and SSH are quite different in intent. An SSH tunnel is opened for a very specific purpose whereas a VPN is an open bridge that anything can cross.
Additionally, people comfortable with SSH tend to be more aware of security issues than others so I'd be more inclined to give access to someone who had specifically asked for SSH access. I'd still want to know that they had an understanding of security issues but asking for SSH would be a good indicator that they might have a clue.
Having said that, I would not consider it unreasonable for you to deny access to both VPN and SSH.
> I told them no, I do not want to create a tunnel between > my network and theirs but I would allow them to plug their laptops > into the dmz or outside the firewall so they can access their network.I think that this is an extremely reasonable compromise. I'd be interested to hear what they want to do that cannot be met by this.
> Do you allow it if the remote network was confirmed to be secure? I wouldn't assume that any outside network was secure. -- Mike Bowler Principal, Gargoyle Software Inc. Voice: (416) 822-0973 | Email : mbowler () GargoyleSoftware com Fax : (416) 822-0975 | Website: http://www.GargoyleSoftware.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- VPN Access for Consultants Jennifer Fountain (Nov 20)
- RE: VPN Access for Consultants David Gillett (Nov 20)
- Re: VPN Access for Consultants Mike Bowler (Nov 20)
- Re: VPN Access for Consultants Steve (Nov 20)
- Re: VPN Access for Consultants lennons (Nov 21)
- Re: VPN Access for Consultants (Little Late) Gabriel Orozco (Nov 25)
- RE: VPN Access for Consultants (Little Late) David Gillett (Nov 25)
- Re: VPN Access for Consultants (Little Late) Jimi Thompson (Nov 26)
- Re: VPN Access for Consultants lennons (Nov 21)
- Re: VPN Access for Consultants Alessandro (Nov 20)
- Re: VPN Access for Consultants Byron Sonne (Nov 21)
- Re: VPN Access for Consultants crtech (Nov 23)
- <Possible follow-ups>
- VPN Access for Consultants Louis Cypher (Nov 21)