
On Mon Jan 27, 2003 at 03:03:09PM -0500, alex@yuriev.com wrote:
Alex, although technically correct, it's not practical. How many end users VPN in from home from, say, a public IP on their DSL modem, leaving themselves open to attack but now also having this connection back to the "Secure" inside network? Has anyone heard of any confirmed cases of this yet?
So then they are using a wrong tool. Using a wrong security tool tends to bite one in the <censored>.
So what's the right tool? Yes, dial or dsl directly into corporate network is my preferred option, but doesn't fit the corporate plan for the future.
Use a client that will push down corporate policy to the client.
Yes, I have seen attacks mounted via VPNs. Work like a charm.
As I suspected, but I keep being told that these problems were in old style VPN clients, and stuff is much better these days. I remain unconvinced.
VPN client creates a fake IP interface. If that interface does not get the policy of a corporate network, you have an open entrance. Some of the clients (such as the ones CheckPoint has) do that. Others don't.
Alex