Alex, although technically correct, its not practical. How many end users vpn in from home from say a public ip on their dsl modem leaving themselves open to attack but now also having this connection back to the "Secure" inside network. Has anyone heard of any confirmed cases of this yet? On Mon, 27 Jan 2003 alex@yuriev.com wrote:
Note that in the case of a worm, a VPN could work against you. If you have all the right filters in place at your "perimeter" and yet let your employees in through a VPN solution of some sort, you could still be screwed if one of their home systems gets infected somehow.
So what you're saying is that a really good worm could infiltrate any secure network by targetting those who vpn from exterior sources, collect data, and then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose?
This is not correct. VPN simply extends security policy to a different location. A VPN user must make sure that local security policy prevents other traffic from entering VPN connection.
Alex