RE: CRIME secure mail programs/internet

From: jradke@private
Date: Fri Nov 30 2001 - 18:33:48 PST

  • Next message: Lyle Leavitt: "CRIME "Hackers." rebroadcast Nov. 29 on OPB"

    Heidi,
     
    Strictly my opinion but take into consideration:
     
    Users VPN to corporate via the Internet so what should they be able to
    access? You want them to follow the same security policy that you have to
    protect your users at work! FREQUENTLY users connect to the Internet,
    startup their VPN tunnel to work and leave it up all day (while they also
    surf the net) all the while their home PC has a very tasty connection to
    corporates network! What's easier to hack? A home PC running 98,ME, or your
    corporate firewall?
     
    Enforce the security policy by preventing the users from accessing the
    Internet through their local ISP connection. Most VPN solutions can setup
    the user profile to use the secured tunnel as the default gateway not the
    Internet. This means if the user wants to access the Internet they must do
    so through the tunnel using the rules setup on your firewall. You can also
    disallow the user from accessing the Internet through the tunnel at all!
    Understand that the purpose of the tunnel is to gain access to network
    resources securely, remotely and for work purposes. If the user needs to
    access the net then they need to do it when not connected to corporate.
     
    In brief, do not allow users access to the Internet except through the
    corporate firewall, if at all.
     
    -JGR
    -----Original Message-----
    From: Heidi [mailto:mcps@private]
    Sent: Friday, November 30, 2001 2:56 PM
    To: CRIME
    Subject: Re: CRIME secure mail programs/internet
    
    
    Thank you to all who have responded to my questions.  All your suggestions
    are very much appreciated and will help me greatly with trying to point out
    these security/confidentiality issues to this organization.  I am always
    open to more suggestions and recommendations.  Thank you. Heidi
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:29 PDT