Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How secure is VPN access?

from [Matvei Kliuchnikov] Network Security [Permanent Link]
Subject: RE: How secure is VPN access?
Date: Thu, 18 Nov 2004 09:10:53 -0800 
Quoth Cesar Diaz on 11/17/2004 8:38 AM:

List,

After years of having VPN access for our remote users without a single
know security incident, my boss and I have to justify to her boss why
VPN is secure.

The CIO wants us to only allow users to access the network from
company laptops, not from their own home computers.  We currently will
allow users to install the VPN client software on their home computers
to connect remotely, or they can use Citrix through SSL access to get
to network resources.  His concern is that if a users home PC is
compromised, that compromise can spread to our network.

Is this a legitimate concern?  Can anyone point me in the direction of
some documentation backing either argument?



Think about what VPN is. It's simply a way to cheaply and securely
connect remote sites. That's it. Once you're connected, you're
basically on the LAN. So any infection, viruses, etc. can be
transmitted just as easily (unless you've got a VLAN with further
firewalling between the two).

So, yes, letting users work from their personal systems *is* a
security risk, but there are ways to reduce that vulnerability.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: radius+ wireless // Yes.. It's true.., Steve Choi (drwx@Argos)
Next by Date:  RE: How secure is VPN access?, Javier Otero De Alba
Previous by Thread:  RE: How secure is VPN access?, Alsobrook, Taylor (C.)
Next by Thread:  Re: How secure is VPN access?, K. K. Mookhey
Indexes:  [Date] [Thread] [Top] [All Lists]