Firewall Wizards mailing list archives
RE: Application requires VPN - How are these handled?
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Wed, 2 Apr 2003 08:00:59 -0500
It's certainly a valid point. Trust (or untrust) should be a two-way model, and I don't see why you should trust what will or won't be allowed from their network to yours. Ideally, you would want to terminate this tunnel at a point where you can then control packet and application data with a firewall of some type.

Never underestimate the power of the almighty dollar - if this is to accommodate a service you pay for, don't be afraid to ask for a solution that meets with your organization's security policies. Only the biggest (and most foolish) vendors will let a services customer slip away over something this relatively small.

In the event that they don't budge and you don't have other options, a DMZ or other untrusted segment is an OK way to go. You may also consider a personal firewall for the workstation.

PaulM
-----Original Message-----
From: Michele Jordan <michele () michelejordan net>@AICNOTES
Sent: Tuesday, April 01, 2003 12:49 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Application requires VPN - How are these handled?

I'm curious how others are handling this situation:

Vendor has an application that requires VPN access to the vendor's network. I am being asked to install this on a computer and then pass that VPN traffic through the firewall.

Obviously, I am reluctant to create a VPN from a vendor to the inside of the corporate network, regardless of the size or name of that vendor. I am suggesting we implement a machine on a DMZ to do this, keeping that away from the corporate network.

Other thoughts?

Thanks
-Michele

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards