Penetration Testing mailing list archives
Risks associated to branch office IPSec devices
From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Tue, 21 Jun 2005 14:00:38 -0600
Hello list, I have just come across a doubt about branch office VPN devices. Normally, they are used so that a branch office's network - typically with a private addressing scheme - can securely connect to the headquarters' central network. Such VPN devices normally do not include a firewall, so I was wondering if this really represents a risk: Yes - it is a risk if the VPN device just acts as a router (no ACLs) and is attached to the Internet. No - because the addressing scheme behind it is private, hence non-routable, hence unreachable across the Internet (internet routers would drop packets with such destinations?) The only real risk I see is if the VPN device is cracked, and from there the security of the whole network (both brach office and headquarters) is exposed. Am I right? Any ideas would be more than welcome. Thanks in advance for your advice and best regards, Rodrigo.
Current thread:
- Risks associated to branch office IPSec devices Rodrigo Blanco (Jun 21)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 21)
- Re: Risks associated to branch office IPSec devices Chris Byrd (Jun 21)
- <Possible follow-ups>
- RE: Risks associated to branch office IPSec devices Steve Goldsby (ICS) (Jun 21)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 22)
- RE: Risks associated to branch office IPSec devices Robert Hines (Jun 22)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 22)
- RE: Risks associated to branch office IPSec devices Steve Goldsby (ICS) (Jun 22)