Firewall Wizards mailing list archives
Re: VPN for *DSL/CableModem Users
From: "Andrew J Bernoth/Boulder/IBM" <bernoth () us ibm com>
Date: Fri, 18 Aug 2000 12:42:14 -0600
Hi Mike,
I don't really understand your concerns. Your staff probably already have
Cable modems or DSL connections attached 7x24 and dial in to your office
LAN without dropping their personal internet connections. How do you stop
this currently without simply relying on Corporate policy and user honesty?
Don't they already have the ability to act as a gateway? VPN is just going
to force them to authenticate a different way, and with one-time passwords
they can't automate their login process. Any connectivity, including
dial-back solutions, can be considered a risk to you corporate LAN, but
users will want to work at home, and managers will want their staff to be
on call and connect at all hours of the day or night.
Regards,
Andrew J Bernoth
bernoth () us ibm com
"The views expressed above are my own and do not necessarily reflect those
of IBM"
"Michael C. Ibarra" <ibarra () hawk com>@nfr.net on 08/17/2000 03:14:30 PM
Sent by: firewall-wizards-admin () nfr net
To: <firewall-wizards () nfr net>
cc:
Subject: [fw-wiz] VPN for *DSL/CableModem Users
Hello:
I've been asked to perform the horrible task of allowing
in remote/home internet connections into a corporate LAN.
The firewall/s in question are a FW-1 and IPFilter (separate
machines) combo. The pipe decided upon was either DSL or
cable modems, based of course on availibilty. The present
method is an isdn/SecureID/dialback method. The present
corporate policy allows no inbound traffic from the inter-
net and allows a limited outbound connections, mainly http.
My feeling is that users, unable to reach their AOL/Napster/
whatever type of services could place a modem into these home
PC's, corporate owned but that doesn't matter, making that
box an insecure gateway or transfer point for a virus to the
corporate network. VPN's IMO would do little to protect a
machine which has a greater chance of becoming compromised,
besides breaking corporate security policy since all non-VPN
connections would probably allow those same services not
normally allowed in the office. My question, and thank you
for reading this far, is what VPN software and/or hardware
is recommended and what can be done to enforce the present
corporate policy (aside from asking users to sign an agreement).
Thank you all,
-mike
The information contained in this message
is not necessarily the opinion of Hawk
Technologies, Inc.
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- VPN for *DSL/CableModem Users Michael C. Ibarra (Aug 18)
- Re: VPN for *DSL/CableModem Users Ray Hooker (Aug 19)
- <Possible follow-ups>
- RE: VPN for *DSL/CableModem Users Irwin Lazar (Aug 19)
- RE: VPN for *DSL/CableModem Users Starkey, Kyle (Aug 19)
- RE: VPN for *DSL/CableModem Users John Adams (Aug 20)
- RE: VPN for *DSL/CableModem Users Robert Purdy (Aug 21)
- RE: VPN for *DSL/CableModem Users sean . kelly (Aug 19)
- Re: VPN for *DSL/CableModem Users Chuck Fasching (Aug 19)
- Re: VPN for *DSL/CableModem Users Andrew J Bernoth/Boulder/IBM (Aug 19)
- Re: VPN for *DSL/CableModem Users Michael C. Ibarra (Aug 19)
- RE: VPN for *DSL/CableModem Users Jensen, Greg (Aug 20)
- Re: VPN for *DSL/CableModem Users amanda (Aug 20)
- Re: VPN for *DSL/CableModem Users Bill_Royds (Aug 20)
- RE: VPN for *DSL/CableModem Users Patrick Darden (Aug 21)