Ah yes, security through obscurity. ;-)

If I would have had to guess, I would have guessed you were using one of the
following VPN products:

1) Cisco
2) Checkpoint
3) Nortel

I would have started with Cisco and assumed either a VPN concentrator or a
PIX. (in your case, I would have hit the first try)

And, let me guess, you're using ESP only (no AH) in tunnel mode with a shared
secret, not certificates.

If I knew what company you worked for, I could probably find your VPN server
with a quick scan. If nothing else, I could just attempt an ISAKMP
connection on every IP address in your range and see what responds.

Bottom line, you're not providing your vendor with any information they
couldn't find with a few minutes' worth of work if they wanted to.  I _would_
create the vendor their own group with their own shared secret, no reason to
give them something they can't obtain on their own, but the information you're
revealing is nothing that is not publicly attainable.

In any case, unless you have a password-protected modem, by using a modem
you're creating an unauthenticated, probably unaudited backdoor into your
network via modem access, which is never a good idea.  Concentrate your
resources on monitoring the doors you do allow and be draconian in
eliminating all others.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brown, M
Sent: Wednesday, April 24, 2002 4:51 PM
To: [EMAIL PROTECTED]
Subject: External Tech support connecting on server - VPN is OK ?
[7:42478]


I have to allow an external technician to work on a third-party application
on my server.
Two options: Use connection through Modem or VPN Client (Cisco 3000
Concentrator).

I would go with the VPN account, and then at the end of the support work I
would disable the GuestTech account and change its password.

My co-worker argues that he doesn't want to grant VPN account to the techGuy
because that would release our VPN server name and configuration to the
external technician.
So my co-worker prefers that the tech guy sticks to the slow modem
solution.

Your thoughts ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42490&t=42490