Firewall Wizards mailing list archives
Re: worm + VPN + firewall
From: Paul Robertson <proberts () patriot net>
Date: Mon, 18 Aug 2003 07:11:43 -0400 (EDT)
On Sat, 16 Aug 2003, Carric Dooley wrote:
I agree that the VPN segment should be DMZ'd, but typically those users have acess to NetBIOS so they can map shares, etc. If you didn't patch, you are hosed on this one. Lots of people didn't learn from Nimda.
But they normally only really need to map shares on a handful of servers, so firewalls can still be effective. Let's face it- VPNs should be more restricted than internal users for most, if not all implementations. Other than "single computer, owned by the organization, administered by the organization, without anything personal on it"- VPNs raise significant issues when it comes to trust, administration, ownership, multihoming, etc. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- worm + VPN + firewall Mordechai T. Abzug (Aug 15)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 18)
- Re: worm + VPN + firewall Paul Robertson (Aug 18)
- Re: worm + VPN + firewall Bennett Todd (Aug 18)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- RE: worm + VPN + firewall lordchariot (Aug 15)
- <Possible follow-ups>
- RE: worm + VPN + firewall Ames, Neil (Aug 15)
- RE: worm + VPN + firewall Steve Evans (Aug 15)