05-14-2001 11:51 PM - edited 02-21-2020 11:20 AM
I have the VPN Client installed on several windows 2000 clients. Is it possible that the security of the VPN could be comprimised at the client end, ie.(Attack) IP hijacking/cloning/Viruses? Should a personal firewall utility be installed on the 2000 workstation?
05-17-2001 01:07 PM
In all tunneling, all traffic must go back to the central site and is enforced by the central site concentrator. It is good practice to use a Personal Firewall in conjunction with a VPN Client. You should run quality virus protection software as well.
06-07-2001 11:28 AM
Firstly, split-tunnelling should be disabled. If it is enabled then an intruder can subvert the remote W2k client through the clear internet tunnel and launch an attack on the corporate network through the encrypted tunnel. Therefore, it is advisable practice to disable split-tunnelling in enterprise VPN implementattions.
Personal Firewalls: These are helpful as an extra layer of secuity on the remote side. However, it would be a nightmare if these cannot be centrally managed and come with restriction features. Do note that Cisco is working on releasing a Zone Alarm (personal f/wall) that will be integrated with their future client.
Also note that the Cisco clients can be centrally managed. The policies are automatically replicated to all clients as they connect. This too is a very useful security feature.
06-07-2001 03:41 PM
When I placed a call for Cisco tech support, the Cisco tech said that future versions of the Cisco VPN client will include a personal firewall. This would be great...even better if we can enforce firewall policy configuration by putting the policy on the concentrator and having the client download it each time they connect!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide