On 3 Aug 2003, Ron Johnson wrote:

> On Sun, 2003-08-03 at 01:50, Alvin Oga wrote:
...
> > f) if you allow vpn from home and wireless access to internal servers
> > then you've got some serious "network security policy and enforcement"
> > problems
>
> Not as much as you might think.

i'd be worried about the home fw, home router, esp if it's linux ( x86 based ) ...
and less worried about the windoze boxes behind the fw
-- all traffic goes out/in thru the home user's fw and/or gw ... and that's the box i'd worry about as it'd be the first point of attack to the home lan or its dns servers

- lots of ways to get into the corp lan from the relatively less secure "home" network

- but the corp security folks' home lan is probably tighter than the corp lan they maintain to keep the ceo/cfo/foo-managers happy and off the admin's back by opening a hole here and bigger hole there because the managers can't do their jobs due to security restraints

- and who's the one losing the laptops when on the road ?? i worked at a place where 10% - 20% of the laptops were either stolen or "dropped and thrown away" and they want a new laptop .. that company went "poof" in a cloud of blue smoke

c ya
alvin

> On my work-from-home computer (WFH), which, unfortunately, is Win2k,
> there are 2 NICs, 1 for the outside world (that is connected to the
> cable modem via a switch), and 1 for the internal LAN.
>
> When I fire up the VPN s/w (which I configured to use the "outside
> NIC"), it disables the "inside NIC", thus closing off a bad security
> loophole.