Penetration Testing mailing list archives
RE: Security and VPN
From: "Jessie Ling XX (MC/EPA)" <jessie.xx.ling () ericsson com>
Date: Wed, 20 Jun 2007 08:45:25 +1000
Hi We have many of our employees who worked from home. So all our employees use PCs supplied by the organisation and these PCs are installed with approved software and updated frequently. They also have Pointsec on it. Still there is no 100% protection from employees downloading stuff from the Internet. That is where the information security policy and awareness training comes in so employees are aware of the risks of downloading and misusing the laptops. Hope that helps. Regards Jessie. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shenk, Jerry A Sent: Tuesday, 19 June 2007 9:18 PM To: Sohail Sarwar; James Patterson; pen-test () securityfocus com Cc: holstein.robert () bls gov Subject: RE: Security and VPN Well, like everything else in the security space, the answer is "it all dependes";) One of the first things I tell clients when they start talking about a VPN is that they are extending their network out to the VPN endpoint. Now that home desktop is on your network. If that home desktop has a worm, guess what, that worm is now on your network and if it can find one machine that's vulnerable, then you have two worms. What if that home computer has some kind of remote management software installed...like Back Orifice? You're probably a little short-staffed, right...well, now you have help;) The solutions are all over the place. If you have a Cisco VPN, then the remote management problem is turned off by default with their split tunnel feature. It forces all traffic through the tunnel. There are also clients that will force a virus scan of the workstation and force other policy changes. You can also put some restriction at the VPN termination point so that your VPN clients are restricted in what they do. There are all kinds of solutions but it depends on what you're running. You're started down the right path...VPNs can be scary! -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sohail Sarwar Sent: Monday, June 18, 2007 9:08 AM To: James Patterson; pen-test () securityfocus com Cc: holstein.robert () bls gov Subject: Security and VPN Hi there, I just wanted to put this out there. How secure is VPN. Meaning, if my users take home the client and install it on their desktop at home, and connect to the corporate network and production network, wheat are we really looking at. Are they secure or not. Two factor authentication would only help the authentication purpose and to protect the user name and password ? How about restricting them to access, and how about worrying about their home computer that can be effected. Has anyone been through this. Any one give home users a list of requirements that they must have before vpn can be offered to them ? Should there be some type of desktop policy installed on their home computer, just to protect the company network ? Any help and guidance would be great Regards, Sohail ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- RE: Security and VPN, (continued)
- RE: Security and VPN Zhihao (Jun 22)
- Re: Security and VPN Robin Wood (Jun 20)
- Re: Security and VPN Ben Nell (Jun 20)
- RE: Security and VPN Russell Butturini (Jun 21)
- Re: Security and VPN Kurt Buff (Jun 22)
- Re: Security and VPN Matthew Leeds (Jun 19)
- Re: Security and VPN Robert Hagen (Jun 19)
- Re: Security and VPN Thor (Hammer of God) (Jun 19)
- RE: Security and VPN Stong, Ian C CTR DISA GIG-CS (Jun 19)
- RE: Security and VPN Shenk, Jerry A (Jun 19)
- RE: Security and VPN Jessie Ling XX (MC/EPA) (Jun 19)
- RE: Security and VPN Petreski, Samuel (Jun 19)
- Re: Security and VPN Sat Jagat Singh (Jun 22)