Re: Security and VPN

From: Sat Jagat Singh (flyingdervish@yahoo.com)
Date: Fri Jun 22 2007 - 16:30:58 EDT

• Next message: Thor (Hammer of God): "Re: Re: Strange ports"
• Previous message: Tim Shea: "Re: Re: Strange ports"
• In reply to: Sohail Sarwar: "Security and VPN"
• Next in thread: Clint P. Garrison MBA, CISSP, QSA: "Re: Open Source Database Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Many good points have been made on this question. One
more to consider is that many organizations have a
policy of not allowing any network access from
employee owned computing devices. Obviously the
effect being that you would need to issue laptops to
anyone requiring VPN access. The upside being that
you then control the configuration, you can have your
management interfaces on it, set to check in with your
servers for configuration updates, and concerns over
the insecurity of somebody's home system are a bit
smaller.

If you do go this route, I would suggest to disable
password caching and have the users log onto the units
with a local account. Otherwise, a hash of your (and
possibly the domain admin account) password is
floating around out there at large for cracking since
you will have logged onto the unit to do configuration

--- Sohail Sarwar <ssarwar@ecredit.com> wrote:

> Hi there,
>
> I just wanted to put this out there. How secure is
> VPN.
> Meaning, if my users take home the client and
> install it on their
> desktop at home, and connect to the corporate
> network and production
> network, wheat are we really looking at. Are they
> secure or not.
>
> Two factor authentication would only help the
> authentication
> purpose and to protect the user name and password ?
>
> How about restricting them to access, and how about
> worrying
> about their home computer that can be effected.
>
> Has anyone been through this. Any one give home
> users a list of
> requirements that they must have before vpn can be
> offered to them ?
>
> Should there be some type of desktop policy
> installed on their
> home computer, just to protect the company network ?
> Any help and
> guidance would be great
>
> Regards,
> Sohail
>
>
------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
>
------------------------------------------------------------------------
>
>

       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Thor (Hammer of God): "Re: Re: Strange ports"
• Previous message: Tim Shea: "Re: Re: Strange ports"
• In reply to: Sohail Sarwar: "Security and VPN"
• Next in thread: Clint P. Garrison MBA, CISSP, QSA: "Re: Open Source Database Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:53 EDT