VPN's from a Security perspective.

Ryan Russell Ryan.Russell at SYBASE.COM
Thu Jan 6 18:37:47 EST 2000


>1. How secure am I (remote client) and my fellow workers from the other
>company's site? Am I putting a great deal of trust in them? Can anyone at the
>other company tunnel back (or spoof the tunnel) into my segment?

This is asking if the crypto is secure.  It's hard to answer.  So far,
the only VPN I'm aware of that's had much public review is
PPTP.  While I'll bash MS as much as the next guy, I suspect that other
VPNs wouldn't hold up so great, either.

The only difference being at a company like in your situation is that
you KNOW there is someone who's quite capable of sniffing your
traffic.  They've (presumably) got a nice single choke point where
your traffic will pass.  (Of course, the same capability exists at
any given ISP, but there's a general assumption, probably bad, that
they won't do that.)

>2.  What are the best ways to protect the client in this case? (i.e. Install
>personal firewall, segment machine from others, require network disconnect
>prior to VPN connection).

Personal firewall.  I'm not seeing how the others are options... you have to
use their network to get to yours, right?

>3. If I install a VPN box on my site and set up a site to site VPN tunnel with
>the other company, will this architecture allow for improved security? Is VPN
>interoperability now at the stage that my VPN box does not need to be the same
>make as the other company's?

That's logically equivalent to user->site VPN + firewall, if you're still
talking about just yourself.

                         Ryan

VPN is sponsored by SecurityFocus.COM
