Re: Re: How safe is a VPN connexion from within an internal network?

Before this turns into more of a flame, let me just say you both are correct.

Yes, you cannot turn off the Internet connection, ala pulling out the physical 
network cable, and maintain your VPN connection.

But yes, there are ways to fiddle with Windows routing so that once a piece of 
software (common with Cisco VPN) connects a PC to a remote network using a VPN, 
that client PC can no longer access its own local resources or even an Internet 
connection via its own gateway, logically. Instead, it acts like it is on the 
remote network and goes out through its gateway for Internet access.

This is common with Cisco, and as such, Cisco won't play well with complex 
requirements or multiple VPN software being used at the same time. It 
effectively takes over what Windows can see on the network.

Jeffrey, I think you might be getting something else otherwise confused. It is 
quite a problem to have a VPN client that is already compromised to call back 
out to the Internet and possibly offer up a shell to the attacker. This 
connection, depending on the VPN software, will go out through the remote 
network gateway. To the attacker, it doesn't much matter where the client is 
located, or what network it appears to be coming from.