[vpn] VPN and firewall question

Mark Priebatsch mark.priebatsch at activcard.com.au
Wed Oct 10 14:11:54 EDT 2001


Sorry could you explain further.  If the client is running a VPN client to a
VPN gateway and it has been set that it will only receive encrypted traffic
on its network interface when connected to/from the VPN gateway, then how
can another Internet user get access to the PC while connected.
(0.0.0.0/0.0.0.0 is handled by teh VPN Gateway.  I know that this has some
requirements on the IPSec driver.

I am not covering off the scenarios of when not VPN connected, and/or the
IPSsec driver running in passive/unconnected mode, just for when the PC is
connected.

regards,

_Mark

-----Original Message-----
From: Christopher Gripp [mailto:cgripp at axcelerant.com]
Sent: 10 October 2001 06:17
To: Mason, David; Hari Kannan; vpn at securityfocus.com
Cc: hkannan at home.com
Subject: RE: [vpn] VPN and firewall question


Just because the only route the PC has while running the VPN client is
the corp firewall doesn't mean the PC at home is protected by the corp
firewall. That is the old 'if I can't see you, you can't see me' theory
and it sucks.

f it has an Internet connection then it is susceptible to attacks from
others on the Internet.  Period.

A personal FW, software or hardware, is a MUST if you care about being
hacked or DoS'd.  The assumption that there is no way to hack a PC
running a VPN client is not a safe one to make.  You have to consider
the potential risk of information that resides locally on that remote
system.  It isn't necessarily about being able to gain access to the
corporate network as much as obtaining sensitive data from the
compromised PC.  That could be in the form of accounting spreadsheets,
contact lists or any number of proprietary and confidential material a
remote user might save on their system.




Christopher Gripp
Systems Engineer
Axcelerant



-----Original Message-----
From: Mason, David [mailto:David_Mason at NAI.com]
Sent: Tuesday, October 09, 2001 11:22 AM
To: 'Hari Kannan'; vpn at securityfocus.com
Cc: hkannan at home.com
Subject: RE: [vpn] VPN and firewall question


I would recommend having a personal firewall and virus scanning
installed on
your home computer even if the following two additional security
precautions
are in place.

If your home computer ALWAYS goes through the corporate firewall for ALL
traffic then your home computer will generally be as safe as any
computer
that resides within the corporate network (depending on the corporate
firewall and how it's setup to handle traffic between the VPN client and
the
Internet).  This setup is sometimes referred to as exclusive gateway -
the
corporate firewall is the client's one and only route for all traffic.

Some firewalls give the administrator the ability to do virus scanning
and
perform other security precautions on the VPN traffic to and from the
VPN
client.

-dave

-----Original Message-----
From: Hari Kannan [mailto:hari_kannan at hotmail.com]
Sent: Monday, October 08, 2001 8:01 PM
To: vpn at securityfocus.com
Cc: hkannan at home.com
Subject: [vpn] VPN and firewall question


Hi,

I was hoping if someone would be able to answer this question.

I have cable modem connection at home and also use VPN provided by my
company to dialin for work related stuff. Will the personal stuff on my
PC
at home be protected by the company's firewall? And, will someone be
able to

use my home PC to hack into the company network? i.e. do I need to buy a

firewall sftware and install at my home PC?

Thanks

Hari Kannan

_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp


VPN is sponsored by SecurityFocus.com

VPN is sponsored by SecurityFocus.com


VPN is sponsored by SecurityFocus.com



VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list