Security Basics mailing list archives
Re: VPN and Security
From: "Simon Chang" <simonychang () gmail com>
Date: Mon, 18 Jun 2007 20:28:50 -0400
I just wanted to put this out there. How secure is VPN. Meaning, if my users take home the client and install it on their desktop at home, and connect to the corporate network and production network, wheat are we really looking at. Are they secure or not.
VPNs are only as secure as you make and maintain them. From your questions it is evident that you do not have the basic understanding of the technologies behind it. Try googling for "VPN", paying special attention to RFCs. You have some homework to do, so go do them.
Two factor authentication would only help the authentication purpose and to protect the user name and password ?
I am not certain what you mean by "only". The basic tenets of security suggest that good security can be achieved when you authenticate potential clients with "something they have, something they are, and something they do". If you require more than just the username and password in order to get in (like a smart card or biometrics), you reduce the chance that an intruder could compromise the authentication process. Exactly what are you trying to do?
How about restricting them to access, and how about worrying
<snip...> The rest of your questions are valid concerns, and there are many products out there that will control exactly what corporate resources the user can access (and the time of day when the user can access them), and verifying that the client machine the user is using meets pre-determined security criteria (i.e. updated anti-virus definitions, no spywares found, up-to-date operating system patches, etc.). As part of your planning, you must also consider the risks of letting users use their home machines versus requiring them to use *only* authorized machines. Again, you need to do some homework and define more precisely what you are attempting to consider. Once you have done so, please post back on the list again with specific questions, and we'd be glad to help. SC
Current thread:
- VPN and Security Sohail Sarwar (Jun 18)
- Re: VPN and Security Simon Chang (Jun 19)
- RE: VPN and Security Murda Mcloud (Jun 19)
- RE: VPN and Security Michael J. Benedetto (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Cruse, Kevin (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Michael J. Benedetto (Jun 19)
- RE: VPN and Security Herb Steck (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Murda Mcloud (Jun 20)