Firewall @ remote location

Stephen Hope SHOPE at datarange.co.uk
Thu Oct 28 04:44:08 EDT 1999


Treat this as a remote PC rather than an office, and use a secure client on
the remote PC. 
 
Changing the definition of the remote site to a remote user may alter the
way you are allowed to set it up (political issue rather than engineering).
 
The easiest choice is probably a PC client that is supported / provided by
whatever type of firewall you have.
 
Main remaining issue is how / whether you isolate the remote PC from any
access to the Internet - you would probably want to force the remote user to
go via the VPN and your central firewall to enforce any usage policy /
security etc., or the remote PC becomes a weak point between your internal
network via the VPN and the Internet. This is why a lot of companies go for
firewalls at each site.
 
Other things to take into account:
 - a bank may well run separate security and networking groups who manage
   their own systems separately and want the architecture enforced throughout
   the network (i.e. they don't like all control in 1 place / 1 group of
   engineers).
 - there may be "due diligence" issues for a bank imposed by a regulator
   about security.

Stephen Hope C. Eng, Network Consultant 
shope at datarange.co.uk, or shope at bcs.org.uk 
Datarange Communications PLC, Carrington Business Park, Carrington,
Manchester, UK. M31 4ZU 
Tel: +44 (0)161 776 4190 Mob: +44 (0)467 256 180 Fax: +44 (0)161 776 4189 
  

 

-----Original Message-----
From: Danilo Dessi [mailto:ddessi at ibm.net]
Sent: Wednesday, October 27, 1999 12:17 AM
To: vpn at listserv.secnetgroup.com
Subject: Firewall @ remote location


I am planning a "VPN" to connect a bank's head office with a small rep.
office.  My question regards firewalls.  Since there will only be one
computer at the rep office it is very hard to justify a firewall which can
cost more than the computer.  The rep office will have a DSL connection to
the Internet. I would like to know if there are other considerations other
than the fact that the line is always up why I should have a firewall at the
remote location.  In other words is there more risk (exposure to hackers) at
the rep office compared with a telecommuter who dials up from a remote
connection and then hangs up when he/she is finished working?  Can a hacker
actually gain access to the head office LAN by compromising the computer
located at the rep. office?
 
Thank you to all replies,
 
Danilo  

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************
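
Added example, not part of either message above: the reply's point about forcing the remote PC to go via the VPN can be checked on the PC itself by auditing its routing table for routes that leave outside the tunnel. It assumes a Linux client and `ip -4 route show` output; the interface name tun0, the tunnel peer address 198.51.100.7 and both sample tables are constructed.

```python
import ipaddress

# Constructed sample tables (assumptions): tun0 is the VPN interface and
# 198.51.100.7 is the head-office VPN endpoint reached over the DSL line.
FULL_TUNNEL = """\
default via 10.8.0.1 dev tun0
198.51.100.7 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 10.8.0.1 dev tun0
198.51.100.7 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def parse_routes(text):
    """Parse `ip -4 route show` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        try:
            dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
            net = ipaddress.ip_network(dest, strict=False)
        except (IndexError, ValueError):
            continue  # blank line or a route type this sketch does not model
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def bypass_routes(text, vpn_dev, vpn_peer):
    """Return gatewayed routes that let traffic leave without crossing the tunnel."""
    routes = parse_routes(text)
    vpn_nets = [n for n, _, d in routes if d == vpn_dev]
    peer = ipaddress.ip_network(vpn_peer + "/32")
    findings = []
    for net, gw, dev in routes:
        # Skip tunnel routes, on-link subnets and the tunnel's own carrier route.
        if dev == vpn_dev or gw is None or net == peer:
            continue
        # Harmless only if more-specific tunnel routes shadow the whole prefix
        # (e.g. 0.0.0.0/1 + 128.0.0.0/1 overriding a default route).
        inner = [n for n in vpn_nets if n.prefixlen > net.prefixlen and n.subnet_of(net)]
        if list(ipaddress.collapse_addresses(inner)) != [net]:
            findings.append(f"{net} via {gw} dev {dev}")
    return findings
```

An empty result means every gatewayed route either uses the tunnel or is the carrier route to the VPN endpoint; the on-link subnet is still reachable directly and needs a host firewall policy of its own.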
