Tugger the SLUGger!SLUG Mailing List Archives

Fwd: [SLUG] VPN security issue

i forwarded that link to a network admin friend of mine who has this to say fyi:

It doesn't have to be insecure, it just requires careful setup to ensure that incoming from the internet is controlled (ie not allowed, or allowed in a completely accountable way) and that there is no capacity for traffic
to cross the two nets: internet <-> tunnel

The vpn product that *** offer uses a cisco client and
disables split-tunnelling. It cannot be worked around as the the client has
no local config. Start the client and it downloads its config from the
server, which cannot be changed without restarting the client...

sounds like a good way of doing it.