[Dshield] Cisco VPN Question

Roman Fomichev from at e-solutions.lv
Tue Sep 9 20:38:02 GMT 2003


As I understand, the laptop at home with VPN to work is one of the easiest 
ways for a hacker to get into
a firewalled office.
So I have practice with Nortel Contivity switches, where we have some 
improvements for VPNs:
1. all tunnels could be filtered as an ordinary connection attempt (this 
feature I have seen on Cyberguards too)
2. VPN client disconnects if the client routing table changes after the 
connection was established, and by default all traffic goes into the tunnel
3. TunnelGuard can be installed on the client to check for specific 
requirements, such as: enabled personal firewall, active antivirus 
software, etc.




On Tue, 09 Sep 2003 09:32:53 -0400, Mark Warner <warner at neb.com> wrote:

> I followed the thread about VPN earlier but can't seem to find an answer 
> to this question.
> My network is pretty stable with only a handful of traveling laptops and 
> only 5 users on our Cisco 3000 VPN.
> We only had two machines infected with blaster.exe.  One was a laptop, 
> which caught the bug at home,
> and the other is a machine only connected to by console and one VPN 
> user.  She is quite diligent and says she is clean.
> We filter with our standard firewall rules on the VPN.
> My question is, can an infected machine tunneling into here bring the 
> virus inside?
> If so, how do I stop it?
> We are thinking of stepping up the VPN users to include more machines 
> and it worries me not having control of their machines.
> Thanks
> Mark
> Mark Warner
> TelCom/Network Manager
> New England BioLabs Inc.
> 32 Tozer Rd
> Beverly MA
> 01915
> 978.927.5054 Ext. 407 Office
> 978.921.1350 Fax
> warner at neb.com
>
>
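
An added example, not part of either message and not Nortel's implementation: a sketch of the check described in point 2 of the reply, comparing the routing table captured when the tunnel came up with a later snapshot and reporting changes that would let traffic bypass the tunnel. The one-line route format, the interface names (`tun0`, `eth0`) and both sample tables are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    iface: str
    metric: int

def parse_routes(text):
    """Parse 'destination/prefix gateway interface metric' lines (constructed format)."""
    routes = set()
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if line:
            dest, gw, iface, metric = line.split()
            routes.add(Route(ipaddress.ip_network(dest), gw, iface, int(metric)))
    return routes

def default_iface(routes):
    """Interface of the lowest-metric default route, or None if there is none."""
    defaults = [r for r in routes if r.dest.prefixlen == 0]
    return min(defaults, key=lambda r: r.metric).iface if defaults else None

def check_drift(baseline, current, tunnel_iface):
    """Return findings; an empty list means the table still matches the baseline."""
    findings = [f"added: {r.dest} via {r.gateway} on {r.iface}"
                for r in sorted(current - baseline)]
    findings += [f"removed: {r.dest} via {r.gateway} on {r.iface}"
                 for r in sorted(baseline - current)]
    if default_iface(current) != tunnel_iface:
        findings.append(f"default route no longer uses {tunnel_iface}")
    return findings

# Constructed sample: table right after the tunnel came up (all traffic into tun0).
BASELINE = """
0.0.0.0/0        10.8.0.1     tun0 1
0.0.0.0/0        192.168.1.1  eth0 50
192.168.1.0/24   0.0.0.0      eth0 50
203.0.113.10/32  192.168.1.1  eth0 1    # host route to the VPN concentrator
"""
# Constructed sample: a lower-metric default route appears on the home LAN later.
LATER = BASELINE + "0.0.0.0/0 192.168.1.1 eth0 0\n"

if __name__ == "__main__":
    for finding in check_drift(parse_routes(BASELINE), parse_routes(LATER), "tun0"):
        print("DISCONNECT:", finding)
```

A client enforcing the policy would take the baseline only after the tunnel is fully established and drop the connection on any non-empty result.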




