Penetration Testing mailing list archives
Re: Risks associated to branch office IPSec devices
From: Matt Bellizzi <matt.bellizzi () nokia com>
Date: Wed, 22 Jun 2005 12:04:56 -0700
And a layer three firewall would prevent this how? Unless you have an application level firewall your still at risk here.
Matt Bellizzi Nokia Enterprise Systems SQA Engineer IP VPN Group ext Steve Goldsby (ICS) wrote:
First time someone brings in an infected file or downloads something with malware on it from the internet, watch the entire VPN-connected enterprise meltdown.We saw an ENTIRE STATE network do this. Steve Goldsby, CEO Integrated Computer Solutions, Inc. -- 334.270.2892 www.integrate-u.com / www.networkarmor.com A Democracy cannot exist as a permanent form of government. It can onlyexist until a majority of voters discover that they can vote themselves largesse out of the public treasury. -- Alexander Tyler ScottishHistorian-----Original Message-----From: Rodrigo Blanco [mailto:rodrigo.blanco.r () gmail com] Sent: Tuesday, June 21, 2005 3:01 PMTo: pen-test () securityfocus com Subject: Risks associated to branch office IPSec devices Hello list, I have just come across a doubt about branch office VPN devices. Normally, they are used so that a branch office's network - typically with a private addressing scheme - can securely connect to the headquarters' central network. Such VPN devices normally do not include a firewall, so I was wondering if this really represents a risk: Yes - it is a risk if the VPN device just acts as a router (no ACLs) and is attached to the Internet. No - because the addressing scheme behind it is private, hence non-routable, hence unreachable across the Internet (internet routers would drop packets with such destinations?) The only real risk I see is if the VPN device is cracked, and from there the security of the whole network (both brach office and headquarters) is exposed. Am I right? Any ideas would be more than welcome. Thanks in advance for your advice and best regards, Rodrigo.
Current thread:
- Risks associated to branch office IPSec devices Rodrigo Blanco (Jun 21)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 21)
- Re: Risks associated to branch office IPSec devices Chris Byrd (Jun 21)
- <Possible follow-ups>
- RE: Risks associated to branch office IPSec devices Steve Goldsby (ICS) (Jun 21)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 22)
- RE: Risks associated to branch office IPSec devices Robert Hines (Jun 22)
- Re: Risks associated to branch office IPSec devices Matt Bellizzi (Jun 22)
- RE: Risks associated to branch office IPSec devices Steve Goldsby (ICS) (Jun 22)