Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Ex-Bay Networks CEO: Nortel's enterprise group could do well on its own
•	Net neutrality advocates score big win with broadband stimulus rules
•	Security guard charged with hacking hospital systems
•	Cisco looks to accelerate virtualization deployments
•	Apple patching serious SMS vulnerability on iPhone
•	Could Cisco take on Microsoft with office app service?
•	Nortel enterprise data chief wants to bring back Bay Networks
•	Government releases $4 billion in broadband stimulus funds
•	Why the iPhone can't be 'killed'
•	IBM bundles x86 servers with VMware, offers special financing
•	Users note virtualization foot-dragging among app vendors
•	Five slick search engines you should know about
•	FTC opens all out assault on economic cyber-scammers
•	Happy birthday! The Walkman turns 30
•	Cisco won't take on Amazon in cloud
•	More breaking news

Security /

Preventing VPN-based break-ins

By Steve Blass
Network World, 04/09/01

We have questions about DSL VPN security. We're concerned that drives on PCs could be shared by the world; Web servers could be installed to serve mapped drives from the PCs; things like PC Anywhere and VNC could be used to access our network; and viruses could be propagated. How do you limit the effects of a compromised PC from attacking your network?

In places where you have administrative control over a VPN-connected PC, audit the configuration, settings and behavior, and remotely reset them when you detect abnormalities. Where you don't have control, monitor the traffic and behavior, and remotely disconnect the devices when you detect abnormalities.

Advertisement:

To lock out hijacked PCs authenticated to your VPN, you will need to authenticate an authorized user's physical presence or certified authorization at an application transaction level.

Smart cards, authentication tokens, one-time passwords, an intrusion-detection system working with a virus-scanning gateway and a PC configuration monitoring and management suite can be used to build the access-control, authentication, authorization, auditing, accounting and administration capability you need to detect and drop offensive connections. At a minimum, you should time out inactive sessions, perform configuration checks at logon and install an intrusion-detection system.

As a network architect at Change at Work in Houston, Blass understands the strain of developing and managing networks. Send your problems to dr.internet@changeatwork.com

Ask Dr. Internet archive
Past columns.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.