Firewall @ remote location
Laurent Hebert
lhebert at netesys.com
Thu Oct 28 09:25:20 EDT 1999
The answer is yes. A hacker can use tools to access that PC and retreive
the informations needed (including crypto keys and user P/W) to used them
to login to your site (ex. Back Orifice 2000). My recommendation would be
to install a personnal PC F/W (ex. Conseal PC F/W) on that PC in
conjunction with the VPN S/W Client. Make sure that when that PC is
connected to your site (via VPN) that he does not have access to surf the
Net at the same time. This is to avoid the possibility that a hacker can
use that path to remotly control that PC and access your site.
Ideally, you should also consider the use of a Tolen based system (ex.
Security Dynamics) to ensure that you really communicate with your rep.
Laurent
Network Consultant,
Netesys
----------
De : Danilo Dessi <ddessi at ibm.net>
A : vpn at listserv.secnetgroup.com
Objet : Firewall @ remote location
Date : 26 octobre, 1999 19:17
I am planning a "VPN" to connect a bank's head office with a small rep.
office. My question regards firewalls. Since there will only be one
computer at the rep office it is very hard to justify a firewall which can
cost more than the computer. The rep office will have a DSL connection to
the Internet. I would like to know if there are other considerations other
than the fact that the line is always up why I should have a firewall at
the remote location. In other words is there more risk (exposure to
hackers) at the rep office compared with a telecommuter who dials up from a
remote connection and then hangs-up when he/she is finished working? Can
a hacker actually gain access to the head office LAN by comprimising the
computer located at the rep. office?
Thank you to all replies,
Danilo
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
More information about the VPN
mailing list