nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Level3 routing issues?

From: Scott Granados <scott () wworks net>
Date: Mon, 27 Jan 2003 11:58:44 -0800 (PST)

Alex, although technically correct, its not practical.  How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
"Secure" inside network.  Has anyone heard of any confirmed cases of this
yet?


On Mon, 27 Jan 2003 alex () yuriev com wrote:




Note that in the case of a worm, a VPN could work against you.  If you
have all the right filters in place at your "perimeter" and yet let
your employees in through a VPN solution of some sort, you could still
be screwed if one of their home systems gets infected somehow.


So what you're saying is that a really good worm could infiltrate any secure
network by targetting those who vpn from exterior sources, collect data, and
then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose?



This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy prevents
other traffic from entering VPN connection.

Alex
Previous By Date Next
Previous By Thread Next

Current thread: