Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SSL VPN Tunnels and Virus Transmission

from [chris.norris] Network Security [Permanent Link]
Subject: RE: SSL VPN Tunnels and Virus Transmission
Date: Fri, 19 Nov 2004 18:31:19 -0000 
Well yes and no, a well designed SSL VPN solution will terminate the
incoming connection on port 445 within the SSL VPN appliance itself.
The data requested is then re-requested by the SSL VPN appliance from the
relevant server and sent back to the requestor. This breaks the chain -
additionally a dedicated SSL VPN appliance such as the Aventail EX-750 or
1500 can actively scan your PC before connection adding another layer of
security and allowing the IT dept to maintain control over 'unknown' PC's.

OTHH: An IPSEC VPN connection typically allows an open end-to-end tunnel to
be created which blows by the firewall/download scanners and will allow a
port-scanning/share-scanning virus or worm to deploy it's payload (I've
witnessed this happening). A secured IPSEC VPN such as MS ISA 2004 on a 2003
server allows firewalling the VPN connection which improves matters.

Hope that helps

Chris Norris
Technical Director
Red Hot Networks Ltd
0870-2424981

-----Original Message-----
From: Evan Mann [mailto:emann@pinnaclefinancial.com] 
Sent: 18 November 2004 22:27
To: Beauford, Jason
Cc: focus-virus@securityfocus.com
Subject: RE: SSL VPN Tunnels and Virus Transmission

Sure, why the heck not?  All an SSL VPN tunnel does is provide an SSL
encrypted VPN tunnel between said unsecured/infected machine and your
internval virus protected number, that's all the VPN does.  It does not
offer virus protection or threat protection.  It created a virtual tunnel
making that said infected computer be almost just like it was
sitting in your internal virus protected network.   All a virus has to
do is have logic to look for available networks and then travel across them,
not difficult.

You'd need to have other measures in place to protect your internal network
such as a quarantine that requires a virus scan/clean or installation on any
machine connecting over VPN, or you could secure the VPN to only allow
certain ports of traffic, etc.
 

-----Original Message-----
From: Beauford, Jason [mailto:jbeauford@EightInOnePet.com]
Sent: Thursday, November 18, 2004 5:18 PM
To: focus-virus@securityfocus.com
Subject: SSL VPN Tunnels and Virus Transmission

Group,
 
I want to know if it is possible / plausible that a virus can travel from an
unsecured and infected machine to an internal virus protected network via an
encrypted SSL VPN tunnel?
 
Thanks in advance.
 
JMB

--
This email has been verified as Virus free Virus Protection and more
available at http://www.plus.net

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Manageable Spyware Solutions?, tito.basa
Next by Date:  Re: Manageable Spyware Solutions?, James E. Bunting
Previous by Thread:  RE: SSL VPN Tunnels and Virus Transmission, Evan Mann
Next by Thread:  Re: SSL VPN Tunnels and Virus Transmission, Mercer, Shane
Indexes:  [Date] [Thread] [Top] [All Lists]