nanog mailing list archives

VPN clients and security models


From: alex () yuriev com
Date: Tue, 28 Jan 2003 11:52:39 -0500 (EST)


This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy
prevents other traffic from entering the VPN connection.

This is nice in theory, but in practice is simply not true. Even
assuming that the most restrictive settings are used (user may not
install software by admin setting, has no local administration on his
machine, IP traffic other than via the VPN is exclusive to the VPN
client) it is *still* possible that the machine could be compromised by
(say) an email virus that then bypasses security by any one of a dozen
routes.

Welcome to the world of formal security models. If in theory a VPN is
nothing more than a tool for extending the security policy of a site to a
remote location, then it does not matter what kind of things you try to
achieve with it, it *won't* work for anything other than extending a security
model of a site to a remote location. Can one try to use it for something
else? Sure, one can. It may even work for a little bit, as long as it does
not contradict that security model.

Your VPN connection dropped you back into your site. If it is the site's
security model that all mail comes in and goes out via some mail server that
filters out email viruses, and via VPN you are virtually in the footprint of
that site, then why are you not using the site mail server, or why does the VPN
client let you not use it? If it does not enforce the site's security
policy, then it is a BAD VPN client.

Alex
