Firewall Wizards mailing list archives
Re: worm + VPN + firewall
From: Bennett Todd <bet () rahul net>
Date: Mon, 18 Aug 2003 09:42:18 -0400
2003-08-18T07:11:43 Paul Robertson:
> Let's face it- VPNs should be more restricted than internal users for most, if not all implementations.

When using VPNs for remote access, the above statement is certainly dead on target. I think VPNs are a very poor choice for remote access, as is direct unencrypted ppp dialin. Anything extending IP connectivity from the company net to users' home systems is fraught. Remote access is best delivered via thin clients; ssh (configured to block all forwarding) for people who work shell, web portals for the rest, all with suitable token auth (SecurID or Opie have worked well for me). VPNs on the other hand are often a reasonable choice as an alternative to a leased line for branch offices; in that context, firewalling the VPN termination is no more or less appropriate than any other balkanizing of the internal net.

-Bennett
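Added example, not part of the original message: one way to check that an sshd is "configured to block all forwarding", as the message above recommends. It assumes current OpenSSH keyword names and defaults from sshd_config(5); the function names and both sample configurations are constructed for illustration.

```python
# Defaults as documented in OpenSSH sshd_config(5).
DEFAULTS = {
    "allowtcpforwarding": "yes", "allowagentforwarding": "yes",
    "allowstreamlocalforwarding": "yes", "x11forwarding": "no",
    "permittunnel": "no", "disableforwarding": "no",
}
# Options that "DisableForwarding yes" overrides. PermitTunnel is checked on its
# own here (a conservative assumption of this example).
COVERED = ("allowtcpforwarding", "allowagentforwarding",
           "allowstreamlocalforwarding", "x11forwarding")

def parse(text):
    """Return (effective global values, directives found inside Match blocks)."""
    seen, in_match, overrides = {}, False, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        key, value = parts[0].lower(), " ".join(parts[1:]).lower()
        if key == "match":
            in_match = True          # everything after this is conditional
        elif key in DEFAULTS and in_match:
            overrides.append((key, value))
        elif key in DEFAULTS:
            seen.setdefault(key, value)   # sshd uses the first value it reads
    return {**DEFAULTS, **seen}, overrides

def forwarding_findings(text):
    eff, overrides = parse(text)
    findings = []
    if eff["disableforwarding"] != "yes":
        findings += [f"{k} {eff[k]}" for k in COVERED if eff[k] != "no"]
    if eff["permittunnel"] != "no":
        findings.append(f"permittunnel {eff['permittunnel']}")
    # Match blocks can relax the global policy for some users: flag for review any
    # option set to something other than "no", or DisableForwarding set to "no".
    findings += [f"match-block {k} {v}" for k, v in overrides
                 if (v == "no") == (k == "disableforwarding")]
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = """X11Forwarding yes
AllowTcpForwarding no
AllowTcpForwarding yes   # ignored: the first value wins
Match User backup
    PermitTunnel yes
"""
HARDENED = "DisableForwarding yes\nPermitTunnel no\n"
print(forwarding_findings(WEAK), forwarding_findings(HARDENED))
```

An empty result means no forwarding path is left open by the file itself; a host's compiled-in defaults and included files still need to be confirmed on the running daemon.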