Hi, VPN to an ADSL connection is

Status
Not open for further replies.

darren77uk

IS-IT--Management
Apr 23, 2001
78
CA
Hi,

VPN to an ADSL connection is it secure?

I do know that VPN to a Cable Modem is less secure than to ADSL.

Obviously the user would need a mini firewall protecting their machine from external threats.

But I think the main concern is that, since they have an “Always On” Internet connection, it is difficult to monitor what a user is doing. Is there any documentation on how this can be tackled? When I say monitoring, I am talking about what sites they visit, what kind of activities they are up to.

HELP!!!

Regards,
Darren
 
Hi Darren,

VPN security all depends on what form of encryption you're using over the pipe. CHAP (Challenge Handshake Authentication Protocol) that MS uses as a default is pretty good, but using IKE (Internet Key Exchange) with the keys and encryption algorithms being negotiated by dedicated firewall products like Firewall-1 is about as secure as you can get. It depends on how much money you want to throw at it really. I guess the amount of money you want to spend is dependent on the type of information being transferred over the wire and how protected you want both ends of the pipe to be.

I would gather from your post that you’ve got a situation where you have a remote user logging into your LAN and they are the ones with the ADSL connection? To keep the remote user secure, Sygate or ZoneAlarm software firewalls, when correctly configured, are both excellent ways of securing the home user if you don’t need, or can’t justify the expense of, a dedicated firewall.

Keeping track of what they’re up to depends on what access they have to your LAN though. To answer that question more fully you would need to think about which assets the user can actually use and what sort of information you actually want to track. Data logging on the assets rather than tracking the user directly may be the cheapest way of doing this. This will have the advantage that you could see what everyone is up to, not just your hypothetical remote user. Alternatively you could install a system to directly log the user's computer use. Key-stroke software could be employed, but this in itself can lead to some serious security issues, as such software will be recording passwords and account names with as much alacrity as it does everything else. A more secure though more expensive method of doing this would, again, be a dedicated system. Something like the BlackBox eNFILTRATOR computer monitoring software would do this for you.
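The asset-side logging suggested in the reply above, as an added example that is not part of the original posts: access events recorded by the servers themselves are grouped per user, so one report covers VPN and LAN users alike and no credentials are captured. The key=value log format, the host and user names, and the 10.8.0.0/24 VPN address pool are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: remote VPN clients get addresses from this pool.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample events in a hypothetical key=value asset-log format.
SAMPLE_LOG = """\
2001-04-23T09:14:02 fileserver1 user=jsmith src=10.8.0.12 action=READ object=/finance/q1.xls
2001-04-23T09:15:10 proxy1 user=jsmith src=10.8.0.12 action=GET object=http://example.com/news
2001-04-23T09:16:44 fileserver1 user=akhan src=192.168.1.20 action=WRITE object=/hr/policy.doc
this line is corrupt and must be skipped, not crash the report
2001-04-23T09:20:30 proxy1 user=akhan src=192.168.1.20 action=GET object=http://example.org/
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<asset>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) action=(?P<action>\S+) object=(?P<object>.+)$")

def parse_line(line):
    """Return an event dict for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    try:
        event["via_vpn"] = ipaddress.ip_address(event["src"]) in VPN_POOL
    except ValueError:  # src is not a valid IP address
        return None
    return event

def summarize(log_text):
    """Per user: did they come in over the VPN, and what did they touch on each asset."""
    report = defaultdict(lambda: {"via_vpn": False, "assets": defaultdict(list)})
    skipped = 0
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            skipped += 1
            continue
        entry = report[event["user"]]
        entry["via_vpn"] |= event["via_vpn"]
        entry["assets"][event["asset"]].append((event["action"], event["object"]))
    return dict(report), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for user, entry in sorted(report.items()):
        print(user, "VPN" if entry["via_vpn"] else "LAN", dict(entry["assets"]))
```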
 
The threat encompasses broadband in the general sense. ADSL, SDSL, HDSL, Cable Modem... all pose the always-on threat. Simple solutions are a router, which enables the blockage of ports, as well as freeware like ZoneAlarm, which does a good job. Other than that, virus protection is always a good idea. A virus is more likely to occur higher up in the OSI model, which narrows down UDP and TCP for connection-oriented access to apps. Follow this and you have as good a protection as anyone else. I have yet to be a victim.
 