I'll try to explain what I mean:

You have a mobile user who uses your VPN. You have an L2TP or Layer 3
transport agreement with some of the ISPs (e.g. AT&T).
Now if your user calls an ISP which has an agreement with you, this user
is transported to you. And you authenticate again (if you want), then give
him/her an IP. At this point they don't have any Internet connection.
After authenticating (or not) your mobile user, you apply some
restrictions to them (they can use some of your servers or not;
they can access the Internet via you or not, etc.).
Now if you give them "internet connection access permit", they have to
access the Internet over your main gateway. This means that if any hacker
wants to put a backdoor on your mobile users via the Internet, they must
bypass your main gateway. If they can bypass your main gateway, there is
another problem, but this is not a VPN problem.

Monday, December 03, 2001, 8:29:59 PM, you wrote:

KH> Not sure what you mean by this.  The VPN technology used is irrelevant.  If
KH> I have a home user who uses their laptop to access the Internet, there are
KH> various ways that machine could become compromised.  If that user then
KH> attaches to the VPN, I have a machine on my VPN that is compromised.  It
KH> doesn't matter what the method of VPN is (L2TP with IPsec, PPTP, etc), it's
KH> not going to keep a compromised machine from continuing to be compromised.

KH> All the VPN can do is keep a non-compromised machine from becoming
KH> compromised through the VPN.  If the machine is compromised before it
KH> connects to the VPN, no amount of VPN technology is going to help.

KH> This issue is not solvable through VPN technology because it isn't a VPN
KH> problem.  It's an end-station access control problem.  At the end of the
KH> day, if your users are allowed to completely control their own machines, the
KH> likelihood that someone's machine will be compromised approaches 1.0. (in
KH> other words, certainty)  This risk can be mitigated through various software
KH> and policies, but it cannot be eliminated.
KH> -Kent

--- cut here ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28166&t=27725