North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Level3 routing issues?
- From: alex
- Date: Mon Jan 27 15:28:44 2003
> On Mon Jan 27, 2003 at 03:03:09PM -0500, email@example.com wrote:
> > > Alex, although technically correct, its not practical. How many end users
> > > vpn in from home from say a public ip on their dsl modem leaving
> > > themselves open to attack but now also having this connection back to the
> > > "Secure" inside network. Has anyone heard of any confirmed cases of this
> > > yet?
> > So then they are using a wrong tool. Using a wrong security tool tends to
> > bite one in the <censored>.
> So what's the right tool? Yes, dial or dsl directly into corporate network
> is my preferred option, but doesn't fit the corporate plan for the future.
Use a client that will push down corporate policy to the client.
> > Yes, I have seen attacks mounted via VPNs. Work like charm.
> As I suspected, but I keep being told that these problems were in old style
> VPN clients, and stuff is much better these days. I remain unconvinced.
VPN client creates a fake IP interface. If that interface deos not get the
policy of a corporate network, you have an open enterance. Some of the
clients (such as the ones CheckPoint has) do that. Others dont.