Re: VPN clients and security models

[Valdis.Kletnieks () vt edu]

On Tue, 28 Jan 2003 11:52:39 EST, alex () yuriev com  said:

> Welcome to the world of formal security models. If in theory a VPN is
> nothing more than a tool of extending the security policy of a site to a
> remote location, then it does not matter what kind of things you try to
> achieve with it, it *wont* work for anything other than extending a security
> model of a site to a remote location. Can one try to use it for something
> else? Sure, one can. It may even work for a little bit, as long as it does
> not contradict that security model.

Right. In the *formal* sense, this is correct.

But that's not how things work out in the Real World.  As I pointed out
before, you have *USERS* involved, and they'll do stupid things like try
to connect their laptop to the internet.  And as I also pointed out,
if the head of a TLA screws up and Gets This Wrong, why should we expect
untrained, non-security-aware users to Get It Right?

The problem is exacerbated by the fact that these mobile laptops are usually
*NOT* configured like a kiosk, where the user is unable to make any changes.

> that site, then why are you not using the site mail server or why is the VPN
> client lets you not use it? If it does not enforce the site's security
> policy, then it is a BAD VPN client.

And when the VPN client isn't even running, what stops the user from changing
the mail software config to fetch his mail from some other server like AOL or
MSN or whatever?

Remember - users do NOT care about security.  Users care about finishing
whatever task THEY are busy with, which is almost never security.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description: