Security Basics mailing list archives
RE: VPN and Security
From: "Nick Duda" <nduda () VistaPrint com>
Date: Tue, 19 Jun 2007 12:44:01 -0400
Mike refers to CCA (Cisco Clean Access) , CAS and CAM A great solution that we just implemented. You can write checks/rules and roles based on anything you want from a client PC. You can check registry, files, folders, services, installed aps, updates even write your own custom stuff that enforces end users agree to your VPN/AUP. It gets setup to automate the process so non-technical VPN users just have to click a button to remediate the issue. It's costly, but ensures that what requirements you set are met before access is granted. - Nick -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael J. Benedetto Sent: Tuesday, June 19, 2007 12:07 PM To: 'Murda Mcloud'; 'Sohail Sarwar'; 'Scott Ramsdell'; 'WALI'; security-basics () securityfocus com Subject: RE: VPN and Security There are also technologies like Cisco NAC (among others) that can check and enforce endpoint compliance with you standards (patch levels, antivirus, etc.). That should help on the user side if you can't force them to use a company configured and maintained PC from outside the office. -Mike
-----Original Message----- From: listbounce@securityfocuscom [mailto:listbounce () securityfocus com] On Behalf Of Murda Mcloud Sent: Monday, June 18, 2007 9:00 PM To: 'Sohail Sarwar'; 'Scott Ramsdell'; 'WALI'; security-basics () securityfocus com Subject: RE: VPN and Security VPN is as secure as how well it is implemented and used. Also, the various encryption algorithms used determine how secure it is. Like everything, it is as strong as the weakest link and usually in this scenario that means the home user or their PC. You're right about the two factor authentication. What were you thinking of using-smart cards or similar? Giving home users the list of things they must have in place(AV for example) is a good idea. Will you allow them to split tunnel from their home connections or will they have to come through the VPN connection to be able to browse so that they can still go through your firewall/proxy etc? Second option is safer but prob slower. And how would you control them when they're not on a VPN? Depending on how far you want to go, you could specify that they only use their laptop for the VPN and have no split and then they can use their home pc for their own use. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sohail Sarwar Sent: Monday, June 18, 2007 11:08 PM To: Scott Ramsdell; WALI; security-basics () securityfocus com Subject: VPN and Security Hi there, I just wanted to put this out there. How secure is VPN. Meaning, if my users take home the client and install it on their desktop at home, and connect to the corporate network and production network, wheat are we really looking at. Are they secure or not. Two factor authentication would only help the authentication purpose and to protect the user name and password ? How about restricting them to access, and how about worrying about their home computer that can be effected. Has anyone been through this. Any one give home users a list of requirements that they must have before vpn can be offered to them ? Should there be some type of desktop policy installed on their home computer, just to protect the company network ? Any help and guidance would be great Regards, Sohail
--------------------- Confidentiality note The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and delete this email and any attachment from your system. ---------------------
Current thread:
- VPN and Security Sohail Sarwar (Jun 18)
- Re: VPN and Security Simon Chang (Jun 19)
- RE: VPN and Security Murda Mcloud (Jun 19)
- RE: VPN and Security Michael J. Benedetto (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Cruse, Kevin (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Michael J. Benedetto (Jun 19)
- RE: VPN and Security Herb Steck (Jun 19)
- RE: VPN and Security Nick Duda (Jun 19)
- RE: VPN and Security Murda Mcloud (Jun 20)