In article <000d01beb631$30f4e0c0$[EMAIL PROTECTED]>,
John Wiltshire <[EMAIL PROTECTED]> wrote:
>VPN systems provide the same protection from an untrusted OS as do telnet
>systems.
Theoretically, yes. Practically, they're much easier to exploit... once you've
got your code running on the target system you can look at the routing table
from untrusted code and piggyback on the VPN easily. A telnet or ssh connection
would require that you create an attack on the running telnet program, or else
lay down the attack ahead of time with a trapdoored client.
>VPN is simply a more flexible solution to the same problem - access to the
>system being managed.
And that flexibility represents a decrease in security. You have to decide
whether the tradeoff is worth it.
--
In hoc signo hack, Peter da Silva <[EMAIL PROTECTED]>
`-_-' Ar rug t� barr�g ar do mhact�re inniu?
'U` "Be vewy vewy quiet...I'm hunting Jedi." -- Darth Fudd
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
