
VPN Client Security

Status
Not open for further replies.

Wazz

Technical User
Aug 12, 2002
209
GB
I am interested in VPN client security and have some basic questions I can’t seem to answer.
At my place of work I am part of a team that installs a home workers solution. This is basically checkpoint VPN software and a router. The router uses NAT and blocks ping, SNMP and “web Traffic” from the WAN, but we don’t stop telnet, ftp and tftp traffic. The router is also not wireless, but I do know for a fact that some users have unplugged our router and used their own wireless routers.
So, the first question is about the VPN software. I have been told by a manager at my place of work that the VPN software acts as a firewall... I find this hard to believe! I was sure the software just established and terminates the vpn connection and deals with data encryption over the link.
The other main issue is that our laptops used by Home Workers do not have any firewall. The windows firewall is disabled in group policy. This leaves ports 21, 23, 80, 135, 139 and 445 open (as so reported by a port scanner on my laptop).
Given all the main info above, I think that this is a very insecure solution and could provide a gateway to our company network. Which leads to my Main Question… Am I right? If anyone could confirm this and possibly a way (using utilities/port scanners etc) that I can prove this I would be very grateful!

Many thanks,
Wazz
 
I can't speak to Checkpoint, so you'll need to check with them. We use Cisco, and have the ability to force a stateful firewall to be installed and running, and I think AV software, before the VPN connection is made. When the VPN isn't connected, of course, it could be turned off.

Also, no network connection is available to the user except the VPN while it's running. That might mitigate some threats.

Checkpoint probably has similar features available.
 
Damn.. it's annoying having a page back button next to the arrow keys.. I just lost everything I typed.. Here it goes for a second time!

Thanks for the reply!
Igarner,
Your users have to have a firewall enabled before a vpn connection can be made? Can they still log on to the PC without the VPN connection in place using a cached profile? (thus leading to unsecured web access).
Our Users can cancel the VPN logon and use a cached profile to log on at home or disconnect the VPN connection after domain logon. All a user would have to do is untick the use proxy setting and they have unprotected internet access.
This would/could lead to code from sites, P2P software, downloads being installed to the laptop. If this is the case and such programs made outbound connections, then NAT would be of no use at all. If we have no firewall to block these outbound connections then we could be asking for trouble.
Am I right?
I suppose though for a system to be compromised in my described way the VPN would have to be disconnected, keeping the network safe. Am I missing something.. anyone else give me something to think about on this?
ta!
Wazz
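Both of Wazz's posts come down to two checks a defender can make on the laptop itself: which services are listening on every interface (the 21/23/80/135/139/445 finding from the first post) and which outbound connections are leaving the machine that NAT alone would never stop (the P2P/download concern in the second). The script below is an added example for this thread, not code from the original posts or from Checkpoint or Cisco software. It parses a constructed `netstat -ano` style listing and reports both classes of finding against a baseline; the sample lines, the allowed-listener set and the allowed outbound ports are all assumptions chosen for illustration.

```python
"""Host posture audit for a VPN client laptop (added example, not from the thread).

Reads Windows `netstat -ano` style output and reports:
  1. services bound to a wildcard address that the build does not expect, and
  2. established outbound TCP connections to ports the VPN/proxy design does not use.
"""

# Service names for the ports the thread reports as open, so findings read naturally.
KNOWN_SERVICES = {
    21: "ftp", 23: "telnet", 80: "http", 135: "msrpc",
    139: "netbios-ssn", 445: "microsoft-ds",
}

# Assumption: the only wildcard-bound socket the laptop build is meant to expose
# is the VPN client's own IKE port. Everything else listening on all interfaces
# is reported.
ALLOWED_LISTENERS = {("udp", 500)}

# Assumption: outbound destination ports the proxy/VPN design expects. Anything
# else is exactly the traffic NAT lets through and only a host firewall would block.
ALLOWED_OUTBOUND_PORTS = {443, 500, 4500}

# Addresses that mean "every interface" in netstat output.
WILDCARD_HOSTS = {"0.0.0.0", "[::]", "*"}

# Constructed sample of `netstat -ano` output on a laptop like the one described.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1240
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2200
  TCP    192.168.1.20:49200     203.0.113.10:443       ESTABLISHED     3100
  TCP    192.168.1.20:49201     198.51.100.7:6881      ESTABLISHED     4411
  UDP    0.0.0.0:500            *:*                                    812
"""


def _split_addr(addr):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port-or-None)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn netstat lines into dicts; the header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0].lower()
        local_host, local_port = _split_addr(parts[1])
        remote_host, remote_port = _split_addr(parts[2])
        # UDP rows carry no State column, so the PID sits one field to the left.
        state = parts[3] if proto == "tcp" else ""
        pid = int(parts[4] if proto == "tcp" else parts[3])
        records.append({
            "proto": proto, "local_host": local_host, "port": local_port,
            "remote_host": remote_host, "remote_port": remote_port,
            "state": state, "pid": pid,
        })
    return records


def exposed_listeners(records):
    """Wildcard-bound listeners not in the allowed set, in netstat order."""
    findings = []
    for r in records:
        listening = r["state"] == "LISTENING" or r["proto"] == "udp"
        if (listening and r["local_host"] in WILDCARD_HOSTS
                and (r["proto"], r["port"]) not in ALLOWED_LISTENERS):
            findings.append({
                "proto": r["proto"], "port": r["port"], "pid": r["pid"],
                "service": KNOWN_SERVICES.get(r["port"], "unknown"),
            })
    return findings


def unexpected_outbound(records):
    """Established TCP connections to destination ports outside the baseline."""
    return [
        {"remote": f'{r["remote_host"]}:{r["remote_port"]}', "pid": r["pid"]}
        for r in records
        if r["proto"] == "tcp" and r["state"] == "ESTABLISHED"
        and r["remote_port"] not in ALLOWED_OUTBOUND_PORTS
    ]


def report(text):
    """Human-readable findings, one line each, for a netstat listing."""
    records = parse_netstat(text)
    lines = [f'EXPOSED  {f["proto"]}/{f["port"]} ({f["service"]}) pid={f["pid"]}'
             for f in exposed_listeners(records)]
    lines += [f'OUTBOUND {f["remote"]} pid={f["pid"]}'
              for f in unexpected_outbound(records)]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_NETSTAT):
        print(line)
```

On a real laptop the output of `netstat -ano` would be fed in place of the sample; the loopback-only listener and the VPN's own IKE socket are deliberately not reported, which is the distinction the first post's external port scan cannot make on its own. Either list being non-empty is the evidence the thread is asking for: wildcard listeners with no host firewall are reachable by anything on the home LAN, and the second list shows traffic NAT will not stop.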
 