VPN clients and Internet browsing

Jon Carnes jonc at nc.rr.com
Fri Jun 22 14:37:19 EDT 2001 

This topic has been covered a few times.

In general, you should mandate that all your home users and travelling 
users use either a personal firewall or some sort of hardware firewall.

A lot of folks recommend Zone Alarm for their dial-up users (as do I).  It 
is a personal firewall (a program that runs on your laptop or pc and 
protects that machine).  It is free for personal use, but if you mandate 
that folks use it, you should pay for it.

I also advocate the use of a cheap hardware firewall for broadband users 
(Cable modem or DSL internet access).  The Linksys is my favorite.  
Broadband users are a major target for hackers.

Your home users will be amazed at how often they are probed by hackers.  It 
is very unsafe to allow remote users access to your internal networks 
unless they are first protected.
===

Note that for a VPN to work, your users must have access to the internet, 
and network packets from the internet must be able to reach your users 
machine.  Your best security is to let a firewall determine which packets 
should actually interact with the users machine.

Once in place, it will be fine to allow folks to access your internal 
networks *and* to browse the internet.

Jon Carnes
===   
On Friday 22 June 2001 09:31, john.smith at minolta-qms.com wrote:
> All,
>
> 	The archives didn't turn up much but I may not have been using the
> right search criteria.
>
> 	We are looking for suggestions on how best to handle allowing users
> connecting to our internal network via VPN to continue web browsing.  The
> users want both but there have been some concerns raised since at that
> point you're security is only as strong as the (in)security of the user's
> PC. This is assuming I am understanding everything correctly (not
> necessarily a good assumption:).
>
> 	Our setup would look like:
>
> some.website.somewhere ----- Internet ----- User PC
>
>
>
> 			     Firewall ---- DMZ
>
> 				|	 VPN Box
>
> 			     Internal	    |
> 			      Router --------
>
> If there's anything I'm missing in this configuration please let me know.
>
> Thanks for any and all help.
>
> John Smith
>
> VPN is sponsored by SecurityFocus.com


VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list