Firewall Wizards mailing list archives
Re: Application requires VPN - How are these handled?
From: m p <sumirati () yahoo de>
Date: Wed, 2 Apr 2003 14:39:47 +0200 (CEST)
--- Michele Jordan <michele () michelejordan net> schrieb:
I'm curious how others are handling this situation: Vendor has an application, that requires VPN access to the vendor's network. I am being asked to install this on a computer and then pass that VPN traffic through the firewall. Obviously, I am reluctant to create a VPN from a vendor to the inside of the corporate network, regardless of the size or name of that vendor. I am suggesting we implement a machine on a DMZ to do this, keeping that away from the corporate network. Other thoughts?
Hi Michele, we were asked to do the same by a big database vendor. Let me tell the story: They were in-house to build a prototype for some mail-application. They told the people managing the project "We need a link via VPN to our company." We, the firewall group, said "OK, you go into the DMZ with a proxy+paketfilter between you and the prototype. You will tell us beforehand what you want to do and what for.". (We could not put the prototype into a DMZ at that time - otherwise both would have landed in the same). They accepted. After the VPN worked and they tried to "access" the system they cried "We can't connect to those windows shares". We said "You only wanted Terminalservices." The point was: The developers in-house were not those who knew that much. They needed help from their senior-counterparts and they tried to hide it (they wanted to upload some config and code and make it work on the prototype system). Conclusion: If you can, put them into the DMZ. Marc __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Frank Knobbe (Apr 08)
- Re: tunnel vs open a hole Adam Shostack (Apr 06)
- Re: tunnel vs open a hole Mikael Olsson (Apr 06)
- Re: tunnel vs open a hole Bernie, CTA (Apr 06)
- Re: tunnel vs open a hole Christine Kronberg (Apr 07)
- Re: tunnel vs open a hole Anton A. Chuvakin (Apr 07)
- Re: tunnel vs open a hole R. DuFresne (Apr 07)
- Re: tunnel vs open a hole Dave Rinker (Apr 07)
- Re: tunnel vs open a hole Mikael Olsson (Apr 08)
- Re: tunnel vs open a hole Bill Royds (Apr 08)