[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vpn
Subject:    Re: VPN's (fwd) - and personal firewalling
From:       Jose Muniz <Munix-1 () Pacbell ! net>
Date:       1997-01-08 9:45:06
[Download RAW message or body]

Well, I know that F-Secure will be releasing soon a VPN and
PersonalDistributed
Firewall, combined and configurable by policy data structures.
You might want to cll them and get some information.
As far as you have a "good" IPSec implementation like Checkpoint 4.1
sp-1
as your gateway termination point the interoperability will be just fine
using either preshared secret or certs.
Good luck.

Jose Muniz.

>
> I'm not sure if this is officially released yet...
>
> CheckPoint SecureClient 4.1, their enhanced VPN
> client, includes a personal firewall module that is
> installed on the end-user's machine as part of the VPN
> client.
>
> The cool thing about this?  All firewall policies for
> the SecureClient are managed and maintained from the
> company's central server that gets pushed down to the
> user each time s/he logs into the VPN.
>
> This secures the end-user's machine even when they're
> not on the VPN and everything is managed by the
> company's security admins.
>
> Hope this helps.
> Chris
> --
>
> --- Jon Carnes <jonc@HAHT.COM> wrote:
> > If you are worried about your folks in the field
> > (and you may well be!) then
> > I would suggest that you get them a decent
> > firewalling program to run on
> > their boxen.  For $40, you can buy software that
> > will protect their machine.
> > I like BlackIce Defender ( http://www.netice.com ),
> > which monitors any
> > attempts to get into their computer and makes sure
> > that the attempts fail.
> > It also tells you when someone has been trying.
> >
> > The users can have the firewall program up and
> > running and still VPN in to
> > the company site, or browse the web.
> > ----- Original Message -----
> > From: "Ryan Russell" <ryan@SECURITYFOCUS.COM>
> > To: <VPN@SECURITYFOCUS.COM>
> > Sent: Tuesday, February 22, 2000 2:48 PM
> > Subject: Re: VPN's (fwd)
> >
> >
> > > On Tue, 22 Feb 2000, Andrew Paul wrote:
> > >
> > > > You might check with the various VPN vendors.
> > They should be able to
> > set up
> > > > a "route table" when the client software is
> > enabled that states all
> > traffic
> > > > should go through the encrypted tunnel.  I
> > believe this can be set up on
> > the
> > > > VPNet VSU systems.  They have a WIN95/98 and NT
> > 4.0 client.  It also may
> > be
> > > > a possibility in the Nortel Contivity product
> > line.
> > > >
> > >
> > > That may not be sufficient.  The attacker can
> > still get packets to your
> > > VPN client.  Even if the replies go back home, the
> > attacker may still get
> > > them, depending on the firewall back home.  I may
> > cases, they'll get them
> > > with a translated source address, whcih for clever
> > attackers won't slow
> > > them down at all, and may allow them to continue
> > their connection just
> > > fine.
> > >
> > > Ryan
> > >
> > > VPN is sponsored by SecurityFocus.COM
> >
> > VPN is sponsored by SecurityFocus.COM
> >
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
> VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM

[prev in list] [next in list] [prev in thread] [next in thread]