Penetration Testing mailing list archives

Re: Security and VPN

From: Sat Jagat Singh <flyingdervish () yahoo com>
Date: Fri, 22 Jun 2007 13:30:58 -0700 (PDT)

Many good points have been made on this question.  One
more to consider is that many organizations have a
policy of not allowing any network access from
employee owned computing devices.  Obviously the
effect being that you would need to issue laptops to
anyone requiring VPN access.  The upside being that
you then control the configuration, you can have your
management interfaces on it, set to check in with your
servers for configuration updates, and concerns over
the insecurity of somebody's home system are a bit
smaller.

If you do go this route, I would suggest to disable
password caching and have the users log onto the units
with a local account.  Otherwise, a hash of your (and
possibly the domain admin account) password is
floating around out there at large for cracking since
you will have logged onto the unit to do configuration

--- Sohail Sarwar <ssarwar () ecredit com> wrote:

Hi there,

      I just wanted to put this out there.  How secure is
VPN.
Meaning, if my users take home the client and
install it on their
desktop at home, and connect to the corporate
network and production
network, wheat are we really looking at.  Are they
secure or not.

      Two factor authentication would only help the
authentication
purpose and to protect the user name and password ?

      How about restricting them to access, and how about
worrying
about their home computer that can be effected.

      Has anyone been through this.  Any one give home
users a list of
requirements that they must have before vpn can be
offered to them ?

      Should there be some type of desktop policy
installed on their
home computer, just to protect the company network ?
 Any help and
guidance would be great

Regards,
Sohail

------------------------------------------------------------------------

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020

------------------------------------------------------------------------




       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/  

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Re: Security and VPN, (continued)
- - - Re: Security and VPN Ben Nell (Jun 20)
    - RE: Security and VPN Russell Butturini (Jun 21)
    - Re: Security and VPN Kurt Buff (Jun 22)
- Re: Security and VPN Matthew Leeds (Jun 19)
- Re: Security and VPN Robert Hagen (Jun 19)
- Re: Security and VPN Thor (Hammer of God) (Jun 19)
- RE: Security and VPN Stong, Ian C CTR DISA GIG-CS (Jun 19)
- RE: Security and VPN Shenk, Jerry A (Jun 19)
  - RE: Security and VPN Jessie Ling XX (MC/EPA) (Jun 19)
- RE: Security and VPN Petreski, Samuel (Jun 19)
- Re: Security and VPN Sat Jagat Singh (Jun 22)