Security Basics mailing list archives

RE: VPN Access for Consultants (Little Late)


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 25 Nov 2003 09:30:16 -0800

  On the VPN solutions I've used, whether clients are allowed
to change this is a setting controlled from the VPN server.
i.e., When I decide to let remote users connect via VPN, *I*
determine whether they can do "split tunnel" or not.  (And
the answer is "NOT".)

David Gillett


-----Original Message-----
From: Gabriel Orozco [mailto:gabriel_orozco () mx sumida com]
Sent: November 24, 2003 18:08
To: security-basics () securityfocus com
Subject: Re: VPN Access for Consultants (Little Late)


I use VPN to my networks for several employees.

but they can easily change their setup from being not shared to share
both networks.

how you as a netadmin can assure they will not do this? I don't think
it's a reasonable way unless you are the Administrator for their
notebooks and they don't have access to the setup of the VPN client.

other than that, or you trust them (and of course protect yourself via
signed papers) or you don't and you tell what are the possibilities if
a person has this kind of access to your net.



----- Original Message ----- 
From: <lennons () comcast net>
To: <security-basics () securityfocus com>
Sent: Thursday, November 20, 2003 8:59 PM
Subject: Re: VPN Access for Consultants


Jenn:

Speaking as a consultant and an IT manager as well.  On client
networks that we are allowed to plug into their network we can VPN
into our network.

However, that will drop my connection to their resources and allows
me to access our company's resources.  Once I kill the Tunnel I am
back to accessing their network resources.

The difference between a split tunnel and a dedicated tunnel.  We do
a lot of server and application support on Physician networks and
sometimes spend lots of time on site.  We need to be able to check
our email and our help system for updates.  But again.  No split
tunnel.  Dedicated.



Steve




Send reply to:  "Steve" <securityfocus () delahunty com>
From:           "Steve" <securityfocus () delahunty com>
To:             "Jennifer Fountain" <JFountain () rbinc com>,
<security-basics () securityfocus com>
Subject:        Re: VPN Access for Consultants
Date sent:      Thu, 20 Nov 2003 17:57:24 -0500

We require use of our DMZ, or simple enough to have them on a VLAN
into the DMZ.  We require temps/consultants to sign our non disclosure
agreement and acceptable use policy.  We require that they let us
check their machines for anti-virus software.


----- Original Message ----- 
From: "Jennifer Fountain" <JFountain () rbinc com>
To: <security-basics () securityfocus com>
Sent: Wednesday, November 19, 2003 6:28 PM
Subject: VPN Access for Consultants


Hi All:

We have several consultants working for my company and they have
requested that I allow vpn access through our firewall to their
company.  They want to be able to access their network and our network
at the same time (tunnel).  I told them no, I do not want to create a
tunnel between my network and theirs but I would allow them to plug
their laptops into the dmz or outside the firewall so they can access
their network.  They proceeded to look at me like I had six heads and
act like I was the only security admin that wouldn't allow this.  What
is the general consensus on this type of activity?  What policies do
you have implemented?  Do you allow it if the remote network was
confirmed to be secure?

Thanks for any info
Jenn


