RE: Tunnel intruder

[Irwin Lazar <ILazar () burtongroup com>]

Most of the enterprises we work with employ VPN clients that use compulsory
tunnels.  Once the VPN client connects, all other traffic in and out of the
computer is blocked.  This, by the way, is also our best practice
recommendation.

There are of course plenty of companies who don't follow this approach.  To
answer your question, no, I don't know of a specific incident.

irwin

------ 
Irwin Lazar
Practice Manager, Burton Group 
www.burtongroup.com <http://www.burtongroup.com>  
ilazar () burtongroup com <mailto:ilazar () burtongroup com> 
Office: 703-742-9659  
Cell: 703-402-4119 
"DrivingNetworkEvolution"


-----Original Message-----
From: Jim MacLeod [mailto:jmacleod () earthling net]
Sent: Wednesday, October 09, 2002 5:21 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Tunnel intruder


There's a lot of FUD being touted by firewall vendors about the possibility 
of a home computer being hacked, then the attacker using that computer's 
VPN connection to the office to break into the company network.

I can see this as a possibility and realize that we could easily get into 
an extended discussion of the probability/impossibility/inevitability of it 
occurring.  I personally want to avoid speculation.

Does anybody know of an actual incident where this attack was used, 
successfully or not?

Thanks,
-Jim

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards