Security Basics mailing list archives
VPN Access for Consultants
From: "Louis Cypher" <louisecypher () hotmail com>
Date: Fri, 21 Nov 2003 05:01:35 -0700
I totally agree with you Jenn. How long are they going to be there? Once and if you allow this, who knows what there network is like, I do not allow unknown networks access to my networks. I will not and cannot controll and monitor what is coming acrosss the line. Better safe than sorry. Never assume and trust no one, it can save you a lot of headaches. ; )
-----Original Message----- From: Alessandro [mailto:a.bottonelli () infinito it] Sent: Thursday, November 20, 2003 1:16 PM To: security-basics () securityfocus com Cc: Jennifer Fountain Subject: Re: VPN Access for Consultants On Thursday 20 November 2003 00:28, Jennifer Fountain wrote: > They > proceeded to look at me like I had six heads and act like I was the only > security admin that wouldn't allow this. What is the general consensus > on this type of activity? What policies do you have implemented? Do > you allow it if the remote network was confirmed to be secure? > Oh well, it much depends on what kind of data / information your external consultants work on. Does your policy have a classification criteria, if so what does it say about, for the sake of example, the remote access of confidential information? Do not forget, then, that once they unplug their laptops they may have recorded YOUR data on their hard disks and can roam happily on planes, trains and anywhere with YOUR data (and laptops are easy to forget somewhere or to be stolen anyway). I would be personally more concerned with administrative countermeasures than trying to technically assess their networks security (for example there may be a clause in their contracts about (not) storing your data locally or about what kind of measures you ask them to take if they do). Besides, if the tunnel is crypted (efficiently) end-to-end (or laptop to your border-router) what do you care what networks they traverse in the process? -- Alessandro Bottonelli CISSP, BS7799 Lead Auditor www.axis-net.it --------------------------------------------------------------------------- ----------------------------------------------------------------------------
_________________________________________________________________Has one of the new viruses infected your computer? Find out with a FREE online computer virus scan from McAfee. Take the FreeScan now! http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: VPN Access for Consultants, (continued)
- RE: VPN Access for Consultants David Gillett (Nov 20)
- Re: VPN Access for Consultants Mike Bowler (Nov 20)
- Re: VPN Access for Consultants Steve (Nov 20)
- Re: VPN Access for Consultants lennons (Nov 21)
- Re: VPN Access for Consultants (Little Late) Gabriel Orozco (Nov 25)
- RE: VPN Access for Consultants (Little Late) David Gillett (Nov 25)
- Re: VPN Access for Consultants (Little Late) Jimi Thompson (Nov 26)
- Re: VPN Access for Consultants lennons (Nov 21)
- Re: VPN Access for Consultants Alessandro (Nov 20)
- Re: VPN Access for Consultants Byron Sonne (Nov 21)
- Re: VPN Access for Consultants crtech (Nov 23)
- VPN Access for Consultants Louis Cypher (Nov 21)