Very good. Thanks !

"Kent Hundley" wrote in message news:[EMAIL PROTECTED]...
> Ah yes, security through obscurity. ;-)
>
> If I would have had to guess, I would have guessed you were using one of
> the following VPN products:
>
> 1) Cisco
> 2) Checkpoint
> 3) Nortel
>
> I would have started with Cisco and assumed either a VPN concentrator or a
> PIX. (in your case, I would have hit the first try)
>
> And, let me guess, you're using ESP only (no AH) in tunnel mode with a
> shared secret, not certificates.
>
> If I knew what company you worked for, I could probably find your VPN
> server with a quick scan. If nothing else, I could just attempt an ISAKMP
> connection on every IP address in your range and see what responds.
>
> Bottom line, you're not providing your vendor with any information they
> couldn't find with a few minutes' worth of work if they wanted to.  I
> _would_ create the vendor their own group with their own shared secret, no
> reason to give them something they can't obtain on their own, but the
> information you're revealing is nothing that is not publicly attainable.
>
> In any case, unless you have a password-protected modem, by using a modem
> you're creating an unauthenticated, probably unaudited backdoor into your
> network via modem access, which is never a good idea.  Concentrate your
> resources on monitoring the doors you do allow and be draconian in
> eliminating all others.
>
> HTH,
> Kent
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Brown, M
> Sent: Wednesday, April 24, 2002 4:51 PM
> To: [EMAIL PROTECTED]
> Subject: External Tech support connecting on server - VPN is OK ?
> [7:42478]
>
>
> I have to allow an external technician to work on a third-party
> application on my server.
> Two options: Use connection through Modem or VPN Client (Cisco 3000
> Concentrator).
>
> I would go with the VPN account, and then at the end of the support work I
> would disable the GuestTech account and change its password.
>
> My co-worker argues that he doesn't want to grant a VPN account to the
> techGuy because that would release our VPN server name and configuration
> to the external technician.
> So my co-worker prefers that the tech guy sticks to the slow modem
> solution.
>
> Your thoughts ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42621&t=42621