nanog mailing list archives

Re: Level3 routing issues?


From: alex () yuriev com
Date: Mon, 27 Jan 2003 15:18:05 -0500 (EST)


On Mon Jan 27, 2003 at 03:03:09PM -0500, alex () yuriev com wrote:
Alex, although technically correct, it's not practical.  How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
"Secure" inside network.  Has anyone heard of any confirmed cases of this
yet?
So then they are using a wrong tool. Using a wrong security tool tends to
bite one in the <censored>.

So what's the right tool? Yes, dial or dsl directly into corporate network
is my preferred option, but doesn't fit the corporate plan for the future.

Use a client that will push down corporate policy to the client.

Yes, I have seen attacks mounted via VPNs. Work like a charm.

As I suspected, but I keep being told that these problems were in old style
VPN clients, and stuff is much better these days. I remain unconvinced.

VPN client creates a fake IP interface. If that interface does not get the
policy of a corporate network, you have an open entrance. Some of the
clients (such as the ones CheckPoint has) do that. Others don't.

Alex

