Not sure what you mean by this.  The VPN technology used is irrelevant.  If
I have a home user who uses their laptop to access the Internet, there are
various ways that machine could become compromised.  If that user then
attaches to the VPN, I have a machine on my VPN that is compromised.  It
doesn't matter what the method of VPN is (L2TP with IPsec, PPTP, etc.), it's
not going to keep a compromised machine from continuing to be compromised.

All the VPN can do is keep a non-compromised machine from becoming
compromised through the VPN.  If the machine is compromised before it
connects to the VPN, no amount of VPN technology is going to help.

This issue is not solvable through VPN technology because it isn't a VPN
problem.  It's an end-station access control problem.  At the end of the
day, if your users are allowed to completely control their own machines, the
likelihood that someone's machine will be compromised approaches 1.0 (in
other words, certainty).  This risk can be mitigated through various software
and policies, but it cannot be eliminated.

-Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
SentinuS
Sent: Saturday, December 01, 2001 5:35 AM
To: [EMAIL PROTECTED]
Subject: Re[4]: VPN is a Backdoor !!! [7:27725]


Maybe. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need additional
security on your Mobile user (I mean firewall or anti-virus app.)

SentinuS


Friday, November 30, 2001, 6:07:02 PM, you wrote:

KH> You're right, but it is nearly impossible to secure the client.  The problem
KH> is that no matter how much education you give users, most will still do the
KH> "wrong" thing given the right circumstances.  For example, if they are in a
KH> chat room and someone they are communicating with sends them a file, most
KH> will open it, no matter how many times you tell them not to.

--cut here---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28000&t=27725