Regarding the location of the VPN server, rather than being on a firewall or a
box within the local subnet, it should be placed on a server within a
demilitarised zone.
Also, security does vary between site VPNs and user VPNs. Appropriate
policies should be enforced to prevent exploitation of VPNs via
exploitations on a user's machine.
All the best...
Mike
---
Michael S. E. Kraus
Administration
Capital Holdings Group (NSW) Pty Ltd
p: (02) 9955 8000
Rob B <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
13/03/2003 05:30 PM
To: [EMAIL PROTECTED]
cc:
Subject: RE: [SLUG] Win2k - Linux VPN
At 04:55 PM 13/03/03, Adam W sent this up the stick:
>Just on this topic of VPNs. I have been meaning to ask everybody. How
>secure are VPNs in terms of packet sniffers/encryption etc. The company
>that I work for has decided to use Citrix Nfuse or whatever the S^#@ is!
>Because they argue that using a VPN is insecure - I totally disagree
>with this, as I know massive multi-national corporations use these and
>rely on these. And as if these companies would use this if it was
>insecure.
An IPSEC VPN seems to be most secure out of these technologies. When I
worked for a large ISP we used to implement them (with 3DES encryption and
key regeneration every hour). Since the actual keys aren't transmitted,
they can't be sniffed. They were a nice cash cow for us, being a managed
service and all.
However, you still want a firewall or the like protecting the VPN box; if
the VPN box is compromised, then the whole VPN is compromised too.
cheers,
rob
--
It was such a lovely day I thought it a pity to get up.
This is random quote 724 of 1254.
Distance from the centre of the brewing universe
[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
Public Key fingerprint = 6219 33BD A37B 368D 29F5 19FB 945D C4D7 1F66 D9C5
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug