Security Basics mailing list archives
RE: How safe is a VPN connexion from within an internal network?
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Tue, 21 Nov 2006 09:39:27 -0500
Pierre,

A VPN connection between business partners is very common. Is it safe? The session will be encrypted between end points of the connection, so it is safe from eavesdropping between end points.

However, to ensure it is safe for the workstation on your network, you will want to disable split tunneling. This means that all of the network traffic will go through the VPN, none on your LAN. So, the workstation on your LAN will in essence no longer be on your LAN during the connection. This will prevent "IP reachability" (TM) from their LAN into yours. The workstation also will not be able to print to your LAN during this time.

Once the connection is established, you will have an IP address on their network, so yes, a host on the external network can access your box if their router|firewall rules allow it. Make sure your box is fully patched and shares secured. If you know the IP addresses that you need to reach, you should configure a firewall to allow traffic only to and from those IPs on the ports you'll need.

Frequently, the VPN IP addressing scheme is different from the internal LAN IP addressing scheme and a router|firewall is used to control access on both ends.

The VPN client initiates the connection, and during the session, you are exposed to the other LAN. Once the client terminates the session, the other end cannot re-initiate the session. The VPN connection will most likely be terminating at a firewall or concentrator. As you will be the client, not the server, they cannot attach to you, you attach to them.

A site to site VPN would allow connectivity for more than one host. If you only need access from one workstation, go with the VPN client solution.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of PIERRE.DUFRESNE () MESS GOUV QC CA
Sent: Monday, November 20, 2006 10:47 AM
To: security-basics () lists securityfocus com
Subject: How safe is a VPN connexion from within an internal network?

Hi all!

I have been asked to install a vpn client on a workstation inside our network that would access another network through our firewall. Besides the technical details of allowing IPSec traffic through a NATed device, I was wondering how safe is this practice? Is it done often?

Once the connexion is established, can a host on the external network access the workstation inside my network, ie initiate a connexion?

Should I rather go with a "site to site" vpn connexion?

Thanks for your time
Pierre
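
One way to verify that split tunneling is really disabled on the workstation, as the reply above recommends (an added example, not part of the original messages). It assumes Linux `ip route`-style output; the interface names `tun0`/`eth0` and every address are constructed for illustration.

```python
import ipaddress

# Constructed `ip route` samples taken while the VPN client is connected.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0
10.20.0.0/16 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
"""
FULL_TUNNEL = """\
default dev tun0
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.1 dev eth0 scope link
"""
# Constructed probes: a LAN host, an Internet host, the VPN gateway, a partner host.
PROBES = ["192.168.1.50", "198.51.100.7", "203.0.113.10", "10.20.5.5"]
# Only the VPN gateway itself may legitimately be reached outside the tunnel.
ALLOWED_OFF_TUNNEL = {"203.0.113.10"}

def parse_routes(text):
    """Return [(network, interface)] from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # e.g. blackhole/unreachable routes carry no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_interface(routes, addr):
    """Longest-prefix match: the interface that would carry traffic to addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def split_tunnel_leaks(route_text, tunnel_dev, probes, allowed_off_tunnel):
    """Return (address, interface) pairs that bypass the tunnel without permission."""
    routes = parse_routes(route_text)
    leaks = []
    for addr in probes:
        dev = egress_interface(routes, addr)
        if dev != tunnel_dev and addr not in allowed_off_tunnel:
            leaks.append((addr, dev))
    return leaks

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, split_tunnel_leaks(table, "tun0", PROBES, ALLOWED_OFF_TUNNEL))
```

An empty result means every probed destination except the VPN gateway leaves through the tunnel interface; any LAN or Internet address listed is still reachable alongside the partner network.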