Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Is SecuRemote Safe?

To: Laurence Mayer <[email protected]>
Subject: Re: [FW1] Is SecuRemote Safe?
From: Nico De Ranter <[email protected]>
Date: Fri, 22 Jun 2001 15:40:02 +0200
Cc: "'[email protected]'" <[email protected]>
In-reply-to: <E1287383AF0BD411A88600508BC26357B08917@server3.jerusalem-global.com>; from [email protected] on Thu, Jun 21, 2001 at 04:47:53PM +0200
References: <E1287383AF0BD411A88600508BC26357B08917@server3.jerusalem-global.com>
Sender: [email protected]

On Thu, Jun 21, 2001 at 04:47:53PM +0200, Laurence Mayer wrote:
> 
> Please can someone correct me if I am wrong :
> 
> In order to create a VPN between a mobile user and the firewall. The user
> needs 
> to have SecuRemote installed, connect to the site and login using login name
> and password, once he is logged in
> he has access to the entire LAN, correct?

He has access to the parts you allow him access to. Packets coming in through a
VPN are still subject to the Firewall policy. I would suggest to restrict access
to specific servers anyway.

> If this is correct what stops a potential hacker from getting the ip address
> of my FW and
> guessing login names and passwords?
> 
> Is there no key or something that the Sys Admin needs to install on the
> notebook
> that prevents a hacker from trying to connect?

There are a number of encryption algoritms that you can use. The most simple
form uses a simple key the sys admin has to install on the notebook. But you
can also use official certificates from an official certification authority.

Note: if the user logs in from the portable and some cracker succeeds in getting
control of the portable then that person also has access to your network.  If you
don't want that have a look at Secure Policy (? don't rememer the correct name)
this works like Secure Remote but adds the possibility to enforce security 
policies on the portable also (ofcourse you'll have to pay per user license
in this case, Securemote is free if you have the VPN module for the firewall.)

> 
> Thanks
> Laurence
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry." 
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/NEE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Is SecuRemote Safe?
  - From: Laurence Mayer <[email protected]>

Prev by Date: AW: AW: [FW1] SecuRemote: CA, Encryption and Authentication
Next by Date: RE: [FW1] NAT / DMZ / Webservers / Routing?
Previous by thread: [FW1] Is SecuRemote Safe?
Next by thread: [FW1] Reporting Module Problem
Index(es):
- Date
- Thread