Re: How safe is a VPN connexion from within an internal network?

["Jeffrey F. Bloss" <jbloss () tampabay rr com>]

David Jacoby wrote:

> There are a few solutions for this, ive seen some VPN clients that
> disconnects the client machine from the Internet once the VPN
> connection is established, this will prevent the attacker to keep his
> connection because the client machine only allows connection to be
> sent to the remote network via the VPN client, no other connections
> are allowed.

Just out of idle curiosity, how would one "disconnect the client from
the Internet" when it's typically the Internet that's being used to
establish the VPN tunnel? :)

I suppose a piece of software could go to great lengths trying to
prevent any and all connections that weren't VPN, but this would be a
daunting task even if we weren't adding to the mix a condition like
being compromised. Even without that I just don't see this alleged
disconnection as being all that comforting, and a cracker mucking
around in your machine for a few minutes might turn it into one of
those (false sense of) security nightmares. 

-- 
Hand crafted on 22 November, 2006 at 12:46:49 EST using
only the finest domestic and imported ASCII.

Do not meddle in the affairs of dragons, for you 
are crunchy and good with ketchup.

Attachment: signature.asc
Description: