Re: VPN and Personal Firewall

matthew.vangroesen · ‎05-14-2001

I have the VPN Client installed on several windows 2000 clients. Is it possible that the security of the VPN could be comprimised at the client end, ie.(Attack) IP hijacking/cloning/Viruses? Should a personal firewall utility be installed on the 2000 workstation?

bstremp · ‎05-17-2001

In all tunneling, all traffic must go back to the central site and is enforced by the central site concentrator. It is good practice to use a Personal Firewall in conjunction with a VPN Client. You should run quality virus protection software as well.

aameer · ‎06-07-2001

Firstly, split-tunnelling should be disabled. If it is enabled then an intruder can subvert the remote W2k client through the clear internet tunnel and launch an attack on the corporate network through the encrypted tunnel. Therefore, it is advisable practice to disable split-tunnelling in enterprise VPN implementattions.

Personal Firewalls: These are helpful as an extra layer of secuity on the remote side. However, it would be a nightmare if these cannot be centrally managed and come with restriction features. Do note that Cisco is working on releasing a Zone Alarm (personal f/wall) that will be integrated with their future client.

Also note that the Cisco clients can be centrally managed. The policies are automatically replicated to all clients as they connect. This too is a very useful security feature.

edricb · ‎06-07-2001

When I placed a call for Cisco tech support, the Cisco tech said that future versions of the Cisco VPN client will include a personal firewall. This would be great...even better if we can enforce firewall policy configuration by putting the policy on the concentrator and having the client download it each time they connect!