North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Level3 routing issues?
> On Mon Jan 27, 2003 at 03:03:09PM -0500, [email protected] wrote: > > > Alex, although technically correct, its not practical. How many end users > > > vpn in from home from say a public ip on their dsl modem leaving > > > themselves open to attack but now also having this connection back to the > > > "Secure" inside network. Has anyone heard of any confirmed cases of this > > > yet? > > So then they are using a wrong tool. Using a wrong security tool tends to > > bite one in the <censored>. > > So what's the right tool? Yes, dial or dsl directly into corporate network > is my preferred option, but doesn't fit the corporate plan for the future. Use a client that will push down corporate policy to the client. > > Yes, I have seen attacks mounted via VPNs. Work like charm. > > As I suspected, but I keep being told that these problems were in old style > VPN clients, and stuff is much better these days. I remain unconvinced. VPN client creates a fake IP interface. If that interface deos not get the policy of a corporate network, you have an open enterance. Some of the clients (such as the ones CheckPoint has) do that. Others dont. Alex
|