
Re: [FW1] VPN Security using SecureRemote and Cable LAN Modems




The old SecureRemote, which works based on a proprietary encryption alg
(FWZ?) and was a shim implementation, only encrypts/decrypts traffic going
to/coming from addresses in the encryption domain.  This makes the PC it is
running on vulnerable to Internet-based attacks which might use the PC as a
gateway to get into the corporate network.

IPSec Tunnel solutions have the ability to prevent this sort of compromise
when the Tunnel is up, but the PC is still vulnerable to attack when the
tunnel is not up.  I have heard that the new SecureRemote is IPSec capable,
but have never seen specific details discussed on this list.

Does anyone have more specifics?

Bob Brandt, 3M


Schepers, Mike wrote:

> I have a question regarding SecureRemote.  Many of my users are asking
> for higher speed access (i.e. Cable modems) and I am concerned about
> their security.  My understanding is that cable modems operate in a
> shared environment (community) and most all cable ISP equipment does
> not/will not encrypt the data stream from individual users.  Thus,
> access is open to even a light-weight hacker.  I understand the
> principles behind the SecureRemote offering from CheckPoint that will
> create a secure encrypted VPN between the remote PC and the Company
> network (through the firewall).
>
> What I can not get a satisfactory answer to is how exactly does the
> SecureRemote application work with the PC TCP/IP stack; does it
> completely take it over so that ALL communication is secure... or can
> this remote PC be used as a gateway system for a hacker to hop between
> the Internet and private company network?  Also, does the security
> scenario change with the introduction of a cable LAN modem?  For a
> company that wants to maintain security should we enforce distributed
> PC/personal firewalls?
>
> Following is an excerpt from CheckPoint's web site regarding
> SecureRemote... which would seem to indicate that only communication
> between the PC and the corporate network is secured... not communication
> to the PC's ISP.  And there was no mention of security against an
> attempt to use this PC as a gateway point of attack.
>
>         Once established, the VPN will transparently encrypt and authenticate
>         business critical data traveling between the corporate network and the
>         user's laptop or desktop PC to protect against eavesdropping and
>         malicious data tampering.
>
> Can anyone point me in a direction where I can obtain some more
> conclusive information regarding this issue.
>
> I greatly appreciate your help.
>
> Sincerely,
> Mike Schepers (mscheper@ciena.com)
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================




