[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Is SecuRemote Safe?
On Thu, Jun 21, 2001 at 04:47:53PM +0200, Laurence Mayer wrote: > > Please can someone correct me if I am wrong : > > In order to create a VPN between a mobile user and the firewall. The user > needs > to have SecuRemote installed, connect to the site and login using login name > and password, once he is logged in > he has access to the entire LAN, correct? He has access to the parts you allow him access to. Packets coming in through a VPN are still subject to the Firewall policy. I would suggest to restrict access to specific servers anyway. > If this is correct what stops a potential hacker from getting the ip address > of my FW and > guessing login names and passwords? > > Is there no key or something that the Sys Admin needs to install on the > notebook > that prevents a hacker from trying to connect? There are a number of encryption algoritms that you can use. The most simple form uses a simple key the sys admin has to install on the notebook. But you can also use official certificates from an official certification authority. Note: if the user logs in from the portable and some cracker succeeds in getting control of the portable then that person also has access to your network. If you don't want that have a look at Secure Policy (? don't rememer the correct name) this works like Secure Remote but adds the possibility to enforce security policies on the portable also (ofcourse you'll have to pay per user license in this case, Securemote is free if you have the VPN module for the firewall.) > > Thanks > Laurence > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Sony Service Center (SDCE/NEE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|