On Thu, 9 Mar 2000, Eric Johnson wrote:
> Texas A&M now allows VPN connections from off campus by
> students, staff, and faculty. This prompted the following statement
> on tamu.networks about the issue:
>
> : The biggest issue that we see is that users are going to have to
> : be a lot more careful about the security of the remote machine
> : that they are using to access campus. If they inadvertantly give
> : access to someone else through the VPN tunnel and problems
> : result, the user who authenticated the tunnel will be the one who
> : is ultimately responsible.
I wonder how they'll seek to hold that responsibility when the remote PC
is trojaned because a family member of an employee opened the wrong e-mail
or got a trojan that their anti-virus scanners weren't updated for, or
worse-yet a bug in the OS or an application was exploited remotely by an
attacker?
It seems to me that the responsibility should sit squarely with the people
who decided that remote VPN access was good enough to allow in to the
internal network. Of course, thinking like that would probably kill the
VPN industry as we know it...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
