From: Samir Pawaskar (samirp@eim.ae)
Date: Sun Sep 04 2005 - 06:39:44 EDT
I am facing a similar position, however my vendor insists that Nortel VPN
has to be in Internet .. It cannot use natted IP..
I do not exactly buy this suggestion but am still looking for conclusive
evidence to confront him with this..
Any help appreciated
Regards
Samir
----- Original Message -----
From: "Rodrigo Blanco" <rodrigo.blanco.r@gmail.com>
To: <camfischer@gmail.com>
Cc: <pen-test@securityfocus.com>
Sent: Saturday, September 03, 2005 3:04 PM
Subject: Re: Nortel Contivity 2600
Hello,
I would think of DoS at first (certain versions of the Conctivity have
DoS vulnerabilities).
Although its VXworks architecture seems very robust, it does not look
right to me to have a VPN concentrator directly accessible on the
Inernet, why not place it in a DMZ (firewall protection makes sense,
and so does IDS/IPS)?
By the way, bear in mind Contivity also has a firewall module that can
run on its same platform, this could be very reccomendable if you are
to place it directly on the Internet.
Hope this helps,
Rodrigo.
On 9/1/05, Cam Fischer <camfischer@gmail.com> wrote:
> Hi list!
>
> I am looking for good reasons why I should move a Nortel Contivity
> 2600 VPN device behind a firewall.
>
> Currently the device sits on the internet, and is used for VPN traffic
> from other offices, and also for VPN dial-in users.
>
> Are there any risks with this configuration? What comments can be made
> around whether or not I should be placing this behind the firewall /
> IDS....
>
> Thanks!
>
----------------------------------------------------------------------------
-- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:49 EDT