[55330] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Mon Jan 27 14:51:09 2003
Date: Mon, 27 Jan 2003 14:50:22 -0500 (EST)
From: alex@yuriev.com
To: Jack Bates <jbates@brightok.net>
Cc: lamour@UU.NET, Dave Stewart <dbs@dbscom.com>, nanog@merit.edu
In-Reply-To: <004d01c2c56a$c85c69a0$bff74341@jackdell>
Errors-To: owner-nanog-outgoing@merit.edu
> > Note that in the case of a worm, a VPN could work against you. If you
> > have all the right filters in place at your "perimeter" and yet let
> > your employees in through a VPN solution of some sort, you could still
> > be screwed if one of their home systems gets infected somehow.
>
> So what you're saying is that a really good worm could infiltrate any secure
> network by targetting those who vpn from exterior sources, collect data, and
> then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose?
>
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy prevents
other traffic from entering VPN connection.
Alex
