Re: VPN questions -- PCTECH

I pretty much agree with your summation.

A good book, but heavy, is Building Internet Firewalls from O'Reilly.

----- Original Message ----- 
From: "John Ross" <jross-ml@xxxxxxxxxxxxxxx>
To: "PC Technical Discussion for iSeries Users" <pctech@xxxxxxxxxxxx>
Sent: Thursday, August 05, 2004 2:20 PM
Subject: Re: [PCTECH] VPN questions


> I would say it is a level of risk and your target level. For the
> companies I have worked for I would not have a problem with them surfing
> the web and being on the VPN. But if I were a high profile company or
> agency I might think different.
>
> You also have to look at it in the whole security system. Am I going to
> lock VPN down to the N degree when I have a firewall that has all ports
> going out open and no one looking at the logs for the firewall. The
> phone home proxy server could be setting on my internal network and I
> would not know it, in that case. And if I was targeting your company and
> the phone home proxy server is not in the wild it will not be added to
> virus definition files. Back to security as a whole, when you think of
> security of a building do you think I am going to make it so no one can
> get in this one window. But with buildings you have a better idea of
> what needs to be done and why. So you might want to ask what are the
> best book(s) to read on computer security (I do not know of any, but
> sure there are some if not lots), so that way you can get an
> understanding of how something is done, how likely it is to happen and
> how it proteins to your company, and what can be done to stop it.
>
> John Ross
> www.ERP400.com
> www.Netshare400.com
>
>
> Dan Bale wrote:
> > Boy, I thought this was going to be a short thread!  It seems to be
delving
> > into such fine (low-level?) points of security that I can only rely on
> > expert opinions, as opposed to making intelligent decisions.  It seems
to
> > me, decidedly non-expert in terms of security, that the several of you
> > participating in this thread know what you're talking about.
> >
> > So I would just like to ask where some of you are in disagreement.  Is
it
> > simply a matter of opinion of the risk of exposure?  I acknowledge that
> > there is risk involved in everything we do.  One of you might say that
the
> > risk of exposure of surfing the web locally while having a VPN
connection to
> > work is so miniscule that it's not worth worrying about, and someone
else
> > may feel that it is significant enough that it shouldn't be allowed.  Or
are
> > there two (or 500) ways to bake a cake?  Both have made their decisions
> > based on education and experience.  It is clear that everyone here
behaves
> > professionally, and I am thankful that there are no pi$$ing matches.
(So
> > let's keep it that way! <G>)  But this also means that I'm not getting a
> > clear picture of the nature of the differences.
> >
> > In the end, this has made me sharply aware of my security deficiencies.
But
> > I have also learned a bunch.
> --
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list
> To post a message email: PcTech@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/pctech
> or email: PcTech-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/pctech.