VPN WAN

Elayoubi, Issam issam.elayoubi at EDS.COM
Tue Apr 11 12:29:57 EDT 2000


Although it is not a good practice to have your firewall and router in the
same box, Cisco offers a great line of products that can do this.
Cisco 1700 series routers have all the bells and whistles of VPN and
security. At the same time, the Cisco IOS (Router's operating system) has
built-in hooks to external authentication, auditing, etc. servers such as
RADIUS or TACACS+ based.

Cheers,

Issam
-----Original Message-----
From: Neil Ratzlaff [mailto:neil.ratzlaff at UCOP.EDU]
Sent: Tuesday, April 11, 2000 11:36 AM
To: VPN at SECURITYFOCUS.COM
Subject: VPN WAN


A high mucky-muck of my company wants to set up an NT domain with machines
scattered around the USA.  (Why is a little unclear to me, but he wants
it.....)  When this was proposed last year I screamed and they gave up, for
a while.  Now I want advice on whether putting a Cisco VPN router at each
office would be considered to offer enough security.  This is not for a lot
of traffic or for really important stuff.  They mostly claim to want to
share files and printers - even though no one can explain to me why someone
in Denver should want to print to a printer in Boston.  I doubt there are
firewalls or other network security at any of the sites.

I pointed out that the security risk is additive (actually x to the nth
power, but keep it simple) since compromise of one machine gives access to
all the others, and anyone who has access to any machine behind the router
probably can access all the NT machines in the domain.  This is acceptable
to them, since they already have NT domains scattered through a couple of
buildings (all behind the same firewall, though).

Is this considered safe?
Any suggestions for making this a safer project?
Any reasons or examples that indicate why this is a bad idea?

Thanks,
hermit1

VPN is sponsored by SecurityFocus.COM
