>From: Mike Batchelor <[EMAIL PROTECTED]>
>
>Deepsixing the term server is actually a pretty good idea, and may have a good
>chance of flying if you pitch a good VPN product as its replacement. Then
>your users can access your company network at Cable or DSL speed, more or
>less. And you close a loophole that has existed before anyone at your company
>even heard of DSL or Cable modems. How do you know that one of your users
>wasn't already dialed up to their ISP on one modem, while dialed into your
>term server on a second modem?
>
>The VPN can also be used when a user dials directly into your modem pool, and
>can provide some measure of improvement in security over simple PPP, depending
>on how strong the VPN is at authenticating and encrypting traffic.

I may be mistaken, but if the VPN automatically encapsulates all IP traffic,
then it should be transparent to the routing tables on the remote machine,
which means that even though the link between the VPN client and the
server is authenticated and encrypted, if I can push packets to the remote
machine on the non-VPN DSL side, and address them to your private network
(maybe via source-routing), your VPN will authenticate and encrypt my forced
packets for me...

Also, instituting a VPN on a dial-up modem pool into your internal
network seems like overkill to me, unless you are worried about someone
wiretapping your phone...

--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]