First time someone brings in an infected file or downloads something
with malware on it from the internet, watch the entire VPN-connected
enterprise meltdown.
We saw an ENTIRE STATE network do this.
Steve Goldsby, CEO
Integrated Computer Solutions, Inc. -- 334.270.2892
www.integrate-u.com / www.networkarmor.com
A Democracy cannot exist as a permanent form of government. It can only
exist until a majority of voters discover that they can vote themselves
largesse out of the public treasury. -- Alexander Tyler Scottish
Historian
-----Original Message-----
From: Rodrigo Blanco [mailto:rodrigo.blanco.r@gmail.com]
Sent: Tuesday, June 21, 2005 3:01 PM
To: pen-test@securityfocus.com
Subject: Risks associated to branch office IPSec devices
Hello list,
I have just come across a doubt about branch office VPN devices.
Normally, they are used so that a branch office's network - typically
with a private addressing scheme - can securely connect to the
headquarters' central network.
Such VPN devices normally do not include a firewall, so I was wondering
if this really represents a risk:
Yes - it is a risk if the VPN device just acts as a router (no ACLs) and
is attached to the Internet.
No - because the addressing scheme behind it is private, hence
non-routable, hence unreachable across the Internet (internet routers
would drop packets with such destinations?)
The only real risk I see is if the VPN device is cracked, and from there
the security of the whole network (both brach office and
headquarters) is exposed. Am I right?
Any ideas would be more than welcome. Thanks in advance for your advice
and best regards,
Rodrigo.
