VPN's (fwd) - and personal firewalling

Jon Carnes jonc at HAHT.COM
Tue Feb 22 15:58:01 EST 2000


If you are worried about your folks in the field (and you may well be!) then
I would suggest that you get them a decent firewalling program to run on
their boxen.  For $40, you can buy software that will protect their machine.
I like BlackIce Defender ( http://www.netice.com ), which monitors any
attempts to get into their computer and makes sure that the attempts fail.
It also tells you when someone has been trying.

The users can have the firewall program up and running and still VPN in to
the company site, or browse the web.
----- Original Message -----
From: "Ryan Russell" <ryan at SECURITYFOCUS.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Tuesday, February 22, 2000 2:48 PM
Subject: Re: VPN's (fwd)


> On Tue, 22 Feb 2000, Andrew Paul wrote:
>
> > You might check with the various VPN vendors.  They should be able to set up
> > a "route table" when the client software is enabled that states all traffic
> > should go through the encrypted tunnel.  I believe this can be set up on the
> > VPNet VSU systems.  They have a WIN95/98 and NT 4.0 client.  It also may be
> > a possibility in the Nortel Contivity product line.
> >
>
> That may not be sufficient.  The attacker can still get packets to your
> VPN client.  Even if the replies go back home, the attacker may still get
> them, depending on the firewall back home.  In many cases, they'll get them
> with a translated source address, which for clever attackers won't slow
> them down at all, and may allow them to continue their connection just
> fine.
>
> Ryan
>
> VPN is sponsored by SecurityFocus.COM
