VPN's (fwd) - and personal firewalling
carlsonmail at YAHOO.COM
Tue Feb 22 17:15:16 EST 2000
I'm not sure if this is officially released yet...
CheckPoint SecureClient 4.1, their enhanced VPN
client, includes a personal firewall module that is
installed on the end-user's machine as part of the VPN
The cool thing about this? All firewall policies for
the SecureClient are managed and maintained from the
company's central server that gets pushed down to the
user each time s/he logs into the VPN.
This secures the end-user's machine even when they're
not on the VPN and everything is managed by the
company's security admins.
Hope this helps.
--- Jon Carnes <jonc at HAHT.COM> wrote:
> If you are worried about your folks in the field
> (and you may well be!) then
> I would suggest that you get them a decent
> firewalling program to run on
> their boxen. For $40, you can buy software that
> will protect their machine.
> I like BlackIce Defender ( http://www.netice.com ),
> which monitors any
> attempts to get into their computer and makes sure
> that the attempts fail.
> It also tells you when someone has been trying.
> The users can have the firewall program up and
> running and still VPN in to
> the company site, or browse the web.
> ----- Original Message -----
> From: "Ryan Russell" <ryan at SECURITYFOCUS.COM>
> To: <VPN at SECURITYFOCUS.COM>
> Sent: Tuesday, February 22, 2000 2:48 PM
> Subject: Re: VPN's (fwd)
> > On Tue, 22 Feb 2000, Andrew Paul wrote:
> > > You might check with the various VPN vendors.
> They should be able to
> set up
> > > a "route table" when the client software is
> enabled that states all
> > > should go through the encrypted tunnel. I
> believe this can be set up on
> > > VPNet VSU systems. They have a WIN95/98 and NT
> 4.0 client. It also may
> > > a possibility in the Nortel Contivity product
> > >
> > That may not be sufficient. The attacker can
> still get packets to your
> > VPN client. Even if the replies go back home, the
> attacker may still get
> > them, depending on the firewall back home. I may
> cases, they'll get them
> > with a translated source address, whcih for clever
> attackers won't slow
> > them down at all, and may allow them to continue
> their connection just
> > fine.
> > Ryan
> > VPN is sponsored by SecurityFocus.COM
> VPN is sponsored by SecurityFocus.COM
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
VPN is sponsored by SecurityFocus.COM
More information about the VPN