
How secure is VPN access?

Subject: How secure is VPN access?
Date: Fri, 19 Nov 2004 14:13:31 +1300
Hi

The way we work here is there is a firewall after the VPN endpoint so we
can control the ports the VPN users can access. We do not allow file and
print (135, 139, 445 etc) or anything that is not essential. We only
allow access to specific hosts on said specific ports.
To our knowledge this is the most secure way we can do it to prevent the
outbreak of the more prevalent viruses, worms etc. on the net.

If your boss is worried about the home PC situation and only the company
laptops can connect... well, most home users have xDSL or cable modems
for the speed of connectivity etc, or use wireless. Not many ISPs
control their systems with tight firewall rules so once the PC is on the
net it can be open to infection or compromise, which is how the things
spread in the first place (ISPs take little to no responsibility for
stopping net-borne viruses and most are only starting to do email
worms/viruses on their mail servers), as well as from the user's home PC as
soon as it gets connected to the home network.

You can make remote access highly secure by only allowing certain groups
of people access to certain machines, but even with a firewall you can't
be 100% secure. The best way of doing it IMO is to have a VPN endpoint
with a firewall inside it, and inside the second firewall have an
IDS/IPS system to check the traffic and block anything malicious that
sneaks through. Also the company could purchase bulk licenses for
antivirus and personal firewalls and supply them to the users who
require remote access to help ensure network security.

Well that's my 2c worth anyway :)

Hayden Searle
Network Security Specialist

-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00@gmail.com] 
Sent: Thursday, 18 November 2004 5:39 a.m.
To: security-basics@securityfocus.com
Subject: How secure is VPN access?

List,

After years of having VPN access for our remote users without a single
known security incident, my boss and I have to justify to her boss why
VPN is secure.

The CIO wants us to only allow users to access the network from
company laptops, not from their own home computers.  We currently will
allow users to install the VPN client software on their home computers
to connect remotely, or they can use Citrix through SSL access to get
to network resources.  His concern is that if a user's home PC is
compromised, that compromise can spread to our network.

Is this a legitimate concern?  Can anyone point me in the direction of
some documentation backing either argument?

Thanks in advance for any help.

C
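
The rule policy described in the reply above (specific hosts on specific ports, no file and print ports behind the VPN endpoint), written as an audit over a firewall rule list. This is an added example, not part of the original thread; the `Rule` format, the addresses in `SAMPLE` and the requirement of a final deny-all rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

FILE_PRINT_PORTS = {135, 139, 445}  # the ports named in the post

@dataclass(frozen=True)
class Rule:              # hypothetical rule format, not a real firewall syntax
    action: str          # "allow" or "deny"
    dst: str             # destination in CIDR form
    ports: tuple         # inclusive (low, high) port range

def audit(rules):
    """Return (rule_index, problem) for rules that break the policy."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        lo, hi = r.ports
        # "specific hosts": an allow rule should name exactly one address
        if ipaddress.ip_network(r.dst).num_addresses > 1:
            findings.append((i, "destination is not a single host"))
        # a wide port range can silently include the file and print ports
        bad = sorted(p for p in FILE_PRINT_PORTS if lo <= p <= hi)
        if bad:
            findings.append((i, f"exposes file/print ports {bad}"))
    # assumption: the list must end with an explicit deny-everything rule
    last = rules[-1] if rules else None
    if (last is None or last.action != "deny" or last.ports != (1, 65535)
            or ipaddress.ip_network(last.dst).prefixlen != 0):
        findings.append((len(rules), "no final deny-all rule"))
    return findings

def decide(rules, dst_ip, port):
    """First-match evaluation, with implicit deny when nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if ip in ipaddress.ip_network(r.dst) and r.ports[0] <= port <= r.ports[1]:
            return r.action
    return "deny"

# Constructed sample rule set for the VPN-facing firewall
SAMPLE = [
    Rule("allow", "10.0.5.20/32", (443, 443)),  # one host, one port: fine
    Rule("allow", "10.0.5.0/24", (25, 25)),     # whole subnet: flagged
    Rule("allow", "10.0.5.30/32", (100, 500)),  # range covers 135/139/445
    Rule("deny", "0.0.0.0/0", (1, 65535)),
]

if __name__ == "__main__":
    for index, problem in audit(SAMPLE):
        print(f"rule {index}: {problem}")
```
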