Firewall Wizards mailing list archives

Re: VPN for *DSL/CableModem Users


From: "Ray Hooker" <ray.hooker () attglobal net>
Date: Fri, 18 Aug 2000 12:14:27 -0400

VPN software is only going to protect the sessions and the data being
transmitted.  With DSL or a Cable modem, you have a fixed IP address which
can be attacked.  Your choices are to try to individually play with the
bindings and services of each workstation to tighten the security or to have
them purchase a personal firewall product.  I would believe that a personal
firewall product would be more appropriate for corporate deployment.  Some
users may want to install a Linux server with IP firewalling, but I don't
think that you will be able to tunnel the VPN sessions through the Linux
system... and besides that is beyond most users' skill.

The other things that you need to consider are:
-  Make certain that you develop a security standards/policy and
configuration guide for these remote users.
-  Select a VPN product that supports the SecurID.  FW-1 is okay but you
may want to consider a separate product (e.g., IRE) if the numbers are very
high.
-  Implement some sort of intrusion detection product such as RealSecure to
monitor potential intrusion.
-  Make certain that you regularly scan your setup for security holes.

Ray Hooker


.............VPN's IMO would do little to protect a
 machine which has a greater chance of becoming compromised,
 besides breaking corporate security policy since all non-VPN
 connections would probably allow those same services not
 normally allowed in the office. My question, and thank you
 for reading this far, is what VPN software and/or hardware
 is recommended and what can be done to enforce the present
 corporate policy (aside from asking users to sign an agreement).

Thank you all,

-mike



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

