On Wed, 8 Mar 2000, John Adams wrote:
> Hmm, I guess you're configuring VPN differently than I am. Our VPN Server
Nope.
> is part of our firewall (PIX), but the certificate servers that grant
> access to the network are on the inside of the firewall. The encryption
> boundary is at the DMZ, and access beyond that is granted only if the
> right certificates are present, verified through a 3rd party CA.
Which doesn't address the other end of the VPN, in the case you cited,
someone's home. VPNs don't violate the traditional "red/black" network
encryption boundary issues only in the network to network case where
the networks in question have been fairly rigorously locked down. Host
to network VPNs have an inherently flawed security model.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280