Re: How safe is a VPN connexion from within an internal network?

I think what he means by disconnecting is not enabling split  
tunneling.  So the only connections allowed are through the tunnel  
and then at the tunnel endpoint you can control where the user has  
access.
On Nov 22, 2006, at 9:56 AM, Jeffrey F. Bloss wrote:

> David Jacoby wrote:
>
> > There are a few solutions for this, ive seen some VPN clients that
> > disconnects the client machine from the Internet once the VPN
> > connection is established, this will prevent the attacker to keep his
> > connection because the client machine only allows connection to be
> > sent to the remote network via the VPN client, no other connections
> > are allowed.
>
> Just out of idle curiosity, how would one "disconnect the client from
> the Internet" when it's typically the Internet that's being used to
> establish the VPN tunnel? :)
>
> I suppose a piece of software could go to great lengths trying to
> prevent any and all connections that weren't VPN, but this would be a
> daunting task even if we weren't adding to the mix a condition like
> being compromised. Even without that I just don't see this alleged
> disconnection as being all that comforting, and a cracker mucking
> around in your machine for a few minutes might turn it into one of
> those (false sense of) security nightmares.
>
> --
> Hand crafted on 22 November, 2006 at 12:46:49 EST using
> only the finest domestic and imported ASCII.
>
> Do not meddle in the affairs of dragons, for you
> are crunchy and good with ketchup.