Re: [Openvpn-users] OpenVPN Admin Security

[Mike Tancsa <mike@xxxxxxxxxx>]

At 12:40 PM 01/08/2005, Chip Mefford wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> openvpn@xxxxxxxxxxxxxxxxxxxx wrote:
> > Hi,
> >
> > Checkpoint VPN and other commercial VPN solutions include a firewall on
> > the client which is managed by the central company via profiles.
> >
> > The idea is to guarantuee that the VPN user won't be a bridge between the
> > intranet and the internet via some spyware or other stuff as one basically
> > cannot control the remote VPN client. The firewall at least prevents any
> > unauthorized communication.
>
> What are the terms of this guarantuee ?

Yes, I dont see how this can reliably work. If the end user's computer has 
been trojaned with spyware/malware, what is to prevent the malware from 
overriding / tampering with the client software.

> I can't imagine how to tamper-proof any solution.

One thing I have been thinking about is to use bootable CDs.  Most of the 
time my clients just want RDP access back to HQ, or the internal intranet 
via web based apps-- both of which could be accommodated via something like 
Knoppix.  e.g. burn a CD image for each user that they then fully boot from 
to get VPN access.

        ---Mike 


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users