In article <004601bec810$013a9140$[EMAIL PROTECTED]>,
Mike Batchelor <[EMAIL PROTECTED]> wrote:
>Deepsixing the term server is actually a pretty good idea, and may have a good
>chance of flying if you pitch a good VPN product as its replacement.
How does a VPN product change the exposure? Either way the user's machine
is simultaneously on the Internet and on the company lan... whether the
second network connectin is through an encrypted tunnel or a DUN connection
to a terminal server doesn't seem to make any useful difference.
No, from a security standpoint a VPN is exactly the same as any other dual-
homed setup. You'd get better security by recognising this and providing a
DMZ for your modem pool or the "inside" end of the VPN, with only those
resources your dialup users need to have access to exposed.
--
In hoc signo hack, Peter da Silva <[EMAIL PROTECTED]>
`-_-' Ar rug t� barr�g ar do mhact�re inniu?
'U` "Be vewy vewy quiet...I'm hunting Jedi." -- Darth Fudd
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
