Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
4
Replies

Client Security Question

s.brady
Level 1
Level 1

‎09-27-2000 10:02 AM - edited ‎03-08-2019 07:46 PM

I have used other vendor's IPSEC solutions in the past, and I am now considering using the Cisco 3015 VPN solution for end users. Does the Cisco client provide any security on the client machine so as to prevent back-door connections through end user computers? Or should I start looking at personal firewalls for my end users?

Labels:
0 Helpful
4 Replies 4

jbohla
Level 1
Level 1

‎10-03-2000 12:12 PM

That is exactly what the IPsec (Internet Protocol Security) client does. You'll need a firewall product to hide your PC/intranet from the outside world (Internet). We use a Cisco PIX at our gateway. After using both a software based firewall and a PIX, we found the PIX is easier to manage and the overhead is quite a bit less.

Hope this helps

0 Helpful

russ.mack
Level 1
Level 1

‎10-06-2000 11:04 AM

As long as you don't enable split tunneling (by default it's disabled), all Internet activity outside the tunnel is blocked while the VPN client is running. If you're trying to protect your private network from the end user system itself, security should probably be on your end of the tunnel, not theirs, unless their system is really locked down.

0 Helpful

jfigursky
Level 1
Level 1

‎12-07-2000 07:05 AM

I just finished testing the security of the Cisco VPN client. It is excellent! I tested multple "backdoor" senarios including NICs and modems. The result was that ALL interfaces are unreachable while the client is in a VPN session. I tested with port scans and having applications and shares running. No connections are shown in the port scanner and applications and shares are disconnected. This should eliminate the need for a personal firewall in most instances. This is a feature that the Microsoft PPTP client doesn't provide.

Happily,

Jamie

0 Helpful

jkirby
Level 1
Level 1
In response to jfigursky

‎02-13-2001 02:37 PM

This is precisely the reason we have not allowed our sales force to use their home PC's over their swanky DSL connections. It is also the reason we are going with the Altiga client, less need for a firewall.

But it is important to note that the default functionality of the Alitga client does not completely eleminate the need for a firewall. If your users are tunneling in to your corporate network, then they are undoubtedly storing (or unknowingly cacheing) sensetive data on their machine. Once that tunnel is brought down, that machine is now ripe exploit. Heck, a good hacker would have an automated agent that sat on the computer, waited for the tunnel to build, captured the data, then waited for the tunnel to drop before sending it all home. Being able to stop interactive intrusions into your network via the VPN tunnels is an important feature, please don't get me wrong.

Personal firewalls, especially ones that can be administered from the office, are absolutely necesarry if you allow your users to tunnel in from home. As we all know, it's not a matter of if a DLS/Cable-modem user gets hacked, it's when.

0 Helpful
Customers Also Viewed These Support Documents