But this does not protect against any virus or worm that has been infected on the client! Worms or viruses usually come from downloads of software; if he/she gets infected with one of these viruses, e.g. CodeRed, the client can start spreading through the VPN tunnel into the “secure network”.

I think the solution is to have a “policy” that checks if the client has a virus scanner installed on the desktop, and to treat the remote machine as an internal network client.

Do you know if NG has this capability?
-----Original Message-----
From: Larry Pingree [mailto:[email protected]]
Sent: Thursday, August 23, 2001 4:45 PM
To: Hanke, Christian (DC); '[email protected]'
Subject: RE: [FW1] Keeping SecureClient PC's Safe.
Currently with secureclient you can deny incoming connections to your network. The new NG secureclient will allow you to configure rules that are outbound from the secureclient box as well.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Engineer/Check Point Instructor
CCSA, CCSE, CCSI, ICE, ICI, NSA
Website: http://www.SiegeWorks.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Hanke, Christian (DC)
Sent: Monday, August 20, 2001 2:38 PM
To: '[email protected]'
Subject: [FW1] Keeping SecureClient PC's Safe.
I am interested in what, if any, precautions others are taking to ensure that the PCs using SecureClient to connect to their networks via VPN are not themselves compromised. My concern is that someone at home will be virus laden, compromised by a trojan, or who knows what else and then in turn compromise our network security by tunneling in to our corporate network. Is this a valid concern?

I am playing with the idea of requiring either a NAT box or one of the new Home Internet Gateways which include firewall functionality for users who wish to take advantage of the high speed VPN connection to our network. Of course, there would be no way to make sure their settings and configurations were optimal. What's everyone else doing about this? Your feedback would be greatly appreciated.

Thanks all,
Christian