Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How secure is VPN access?

from [Javier Otero De Alba] Network Security [Permanent Link]
Subject: RE: How secure is VPN access?
Date: Thu, 18 Nov 2004 15:11:47 -0600 
For movile users you can use products like Juniper Secure Access, you can 
control aplications, ports, IPs that they can use, have a checker for valid Av, 
personal FW, apliccation and MD5 of this, diferent autentication methods, roles.
Some hospital use for the doctors and HIPA.
You can use with cirix, netilla or MS terminal access.

Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM 
ITStrap
Product Manager 

5243-4782 al 84 Ext.300
México, D.F. 



-----Mensaje original-----
De: dave kleiman [mailto:dave@isecureu.com]
Enviado el: Miércoles, 17 de Noviembre de 2004 11:12 p.m.
Para: 'Cesar Diaz'; security-basics@securityfocus.com
Asunto: RE: How secure is VPN access?


Cesar,

Would allow a user to bring their home computer to the office, and just hand
them an IP and allow them full network access?

Do your users have access to network resources through the VPN?

They can spread viruses, Trojans etc. to the network from the VPN.

No, you definitely should not let home computers access the VPN, you should
have complete control of the systems that do access via VPN and keep them
up-to-date, etc.

Citrix is a different story, as long as you restrict drive and port
redirection, it can be a "better-controlled" situation.


______________________________________
Dave Kleiman, CISSP, CISM, CIFI, MCSE
www.SecurityBreachResponse.com



 

-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00@gmail.com] 
Sent: Wednesday, November 17, 2004 11:39
To: security-basics@securityfocus.com
Subject: How secure is VPN access?

List,

After years of having VPN access for our remote users without a single know
security incident, my boss and I have to justify to her boss why VPN is
secure.

The CIO wants us to only allow users to access the network from company
laptops, not from their own home computers.  We currently will allow users
to install the VPN client software on their home computers to connect
remotely, or they can use Citrix through SSL access to get to network
resources.  His concern is that if a users home PC is compromised, that
compromise can spread to our network.

Is this a legitimate concern?  Can anyone point me in the direction of some
documentation backing either argument?

Thanks in advance for any help.

C
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How secure is VPN access?, Matvei Kliuchnikov
Next by Date:  Re: Secure FTP Client, STE-MARIE, ERIC
Previous by Thread:  Re: How secure is VPN access?, K. K. Mookhey
Next by Thread:  Re: How secure is VPN access?, Jonathan Loh
Indexes:  [Date] [Thread] [Top] [All Lists]