On 12/2/10 11:41 AM, Paul Hill wrote:
> Scary stuff. Which is often why the default route is forced over the
> vpn. For Windows PPTP this is the default setting[1]. It's been a
> while since I used a CISCO vpn but I think the same is true there.

But you can't really force the default route. The VPN can set it, but anyone with rights on the workstation can change it back to their cable modem or whatever. So it is a little bit better than security theater.

I think strong perimeter firewalls are one critically important piece of corporate security. And a computer with the Internet between it and the corporate network is definitely outside the perimeter, vpn'd or not. The firewall must be able to inspect the VPN traffic, or else it can't do its job, and you have a huge unmanageable hole.

My opinion, of course.

Paul

