Penetration Testing mailing list archives
RE: Risks associated to branch office IPSec devices
From: "Steve Goldsby (ICS)" <sgoldsby () integrate-u com>
Date: Tue, 21 Jun 2005 20:05:10 -0500
First time someone brings in an infected file or downloads something with malware on it from the internet, watch the entire VPN-connected enterprise melt down.

We saw an ENTIRE STATE network do this.

Steve Goldsby, CEO
Integrated Computer Solutions, Inc. -- 334.270.2892
www.integrate-u.com / www.networkarmor.com

A Democracy cannot exist as a permanent form of government. It can only exist until a majority of voters discover that they can vote themselves largesse out of the public treasury.
-- Alexander Tyler
Scottish Historian

-----Original Message-----
From: Rodrigo Blanco [mailto:rodrigo.blanco.r () gmail com]
Sent: Tuesday, June 21, 2005 3:01 PM
To: pen-test () securityfocus com
Subject: Risks associated to branch office IPSec devices

Hello list,

I have just come across a doubt about branch office VPN devices. Normally, they are used so that a branch office's network - typically with a private addressing scheme - can securely connect to the headquarters' central network.

Such VPN devices normally do not include a firewall, so I was wondering if this really represents a risk:

Yes - it is a risk if the VPN device just acts as a router (no ACLs) and is attached to the Internet.

No - because the addressing scheme behind it is private, hence non-routable, hence unreachable across the Internet (internet routers would drop packets with such destinations?)

The only real risk I see is if the VPN device is cracked, and from there the security of the whole network (both branch office and headquarters) is exposed.

Am I right? Any ideas would be more than welcome.

Thanks in advance for your advice and best regards,
Rodrigo.