NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecureClient and SecureRemote



I think the root issue here is sometimes referred to as the "Split VPN
Problem"; the most interesting <theoretical> approach I've heard suggested
was to define your encryption domain to 0.0.0.0 mask 0.0.0.0 ("This will
cause many other problems and is not worth exploring."  Hi JB!)
Has anyone explored this line of thought (does it merely, and at best,
reduce this specific SecuRemote issue to the SecureClient issue [and thus,
split vpn] issue)?
-----Original Message-----
From: Craig Skelton [mailto:[email protected]]
Sent: Wednesday, January 31, 2001 8:37 PM
To: Geoffrey Moon; 'Luke, Jason (ISS Southfield)';
[email protected]; [email protected]
Subject: Re: [FW1] SecureClient and SecureRemote



Correct. I don't think much will work. A simple port redirector, and you
have likely got a huge problem. You want to watch carefully the way you
administer SecureClient connections. Limit the users access either by rule
or with the per user configuration. Wherever possible, limit access :)

You also need to do some heavy user education, virus scanning, and
preventative maintance to the remote equipment. If possible, use nt to
prevent users from installing much software by removing local admin. ....

Those are all good steps, but they will not protect you totally. Then again,
who's in your building right now? :)

Cheers,
Craig


----- Original Message -----
From: "Geoffrey Moon" <[email protected]>
To: "'Luke, Jason (ISS Southfield)'" <[email protected]>;
<[email protected]>; <[email protected]>
Sent: Wednesday, January 31, 2001 7:25 AM
Subject: RE: [FW1] SecureClient and SecureRemote


>
> Unfortunately, this still doesn't prevent a rogue application from
> connection sniffing during the session establishment, and then reporting
> passwords, IPs etc. later on when the VPN and SecureClient are down. Sort
of
> the same scenario that happened to Microsoft.
>
> I'm starting to wonder if there's any way to prevent this type of
situation
> besides two-factor authentication like SecurID, SmartCards, etc.?
>
> Geoff
>
> -----Original Message-----
> From: Luke, Jason (ISS Southfield) [mailto:[email protected]]
> Sent: Wednesday, January 31, 2001 8:59 AM
> To: '[email protected]';
> [email protected]
> Subject: RE: [FW1] SecureClient and SecureRemote
>
>
>
> SecureClient was designed to protect from that very scenario.
SecureClient
> has added functionality that the SecuRemote you know of.  SecureClient has
> the ability to download a desktop policy which limits what types of
traffic
> can come in and out of that laptop.  Plus, you can force laptop users to
> download a desktop policy or that cannot go anywhere, so they cannot get
> around it-if they are still connected to your network via VPN.  You need a
> SecureClient user license, which is not free like SecuRemote.  You will
> create an object for your policy server, which will be your current mgmt
> station, which the users download SecuRemote topology and SecureClient
> Desktop policies from.
> I believe the desktop policies are;
> Allow All
> Allow Outgoing only
> Allow Outgoing and Encrypted
> Allow Encrypted only
>
>
> Jason
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, January 31, 2001 1:02 AM
> To: [email protected]
> Subject: [FW1] SecureClient and SecureRemote
>
>
>
> Hello
>
> Have anyone experience with SecureClient abbr. SecureRemote!
> My problem is the security with both products! How secure is it ??
> I thing when someone hack the PC ,which have installed this product, it
have
> full access to our IT-Infrastructure!
> Is it possible to install it so that is no security problem ?
>
> Best Regards
> Mit freundlichen Grüßen
> Manfred Steinbacher
> EDS Austria - Core Infrastructure
> Network Services
>
> EDS Austria / AVL - Account
> Phone: +43  316 787 470
> Fax:> eMail: [email protected]
> Hans-List Platz 1  A-8020 GRAZ
>
>
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.