RE: ISA server and secure VPN clients

  • From: "Ara.A" <ara@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 24 Oct 2004 17:50:44 -0400

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sitetositevpn.mspx
http://www.rainfinity.com/products/ds_rainconnect_isa.html

> -----Original Message-----
> From: Michael Bertelsen [mailto:mbe@xxxxxxxxxxxxx]
> Sent: October 24, 2004 6:50 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server and secure VPN clients
> 
> http://www.ISAserver.org
> 
> How nice of you guys to respond so quickly. I am just sorry that you did
> not take the time to think on what I wrote instead of simply mistaking me
> for a rookie.
> 
> I do realize that many people have a "Microsoft cannot be secure"
> attitude, but this was in no way what I was getting at.
> I am an MS Certified consultant, and I have been working with MS products
> as a professional for over six years....
> 
> The point of my previous post was to investigate whether others had thought
> of and maybe solved (what I find to be) the problem with MS VPN.
> I have been searching for a solution for controlling VPN clients after the
> tunnel has been built.
> I have spent several hours today digging into CMAK, RRAS policies and
> ISA firewall rules and add-ins, but have not found a way to make sure that
> a user does not manually change the routing information on the computer.
> 
> Think of this situation:
> 
> A user downloads and installs a fun little app, and with it a trojan.
> Later the user opens an MS VPN connection.
> During the establishing of the locked down (CMAK) VPN connection the
> Quarantine scripts will check the routing table, the antivirus, then the
> firewall etc., but the trojan will not be detected.
> The VPN connection is established successfully.
> 
> Now at this point what is to stop the trojan process from adding or changing
> a route entry and thereby effectively sending traffic around the VPN
> tunnel? (Other than making sure the user is not local admin :-))
> This situation will actually enable a hacker to control the client
> computer and launch an attack through the VPN tunnel.
> 
> If you actually do have a way to prevent this scenario, I would very much
> like to hear it, as I am encountering an increasing number of requests for
> MS-like VPN functionality that third party vendors have a hard time
> offering.
> 
> A Nortel VPN implementation solves this by continuously monitoring the routing
> table and closing the VPN tunnel in case of a change in the routing table.
> I was hoping for a somewhat similar MS solution.
> 
> I look forward to a hopefully somewhat more useful answer from you.
> 
> Regards,
> 
> Michael
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
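As an added illustration (not code from this thread, from Microsoft, or from any vendor product), here is a Python sketch of the routing-table watchdog Michael describes: take a snapshot of `route print` right after the tunnel comes up, diff later snapshots against it, and treat any added, changed or removed route as grounds to drop the tunnel. The two `route print` excerpts are constructed sample data; the tunnel addresses and the `rasdial` entry name are assumptions.

```python
import re

# Constructed sample: IPv4 table from `route print` on a client just after the
# CMAK tunnel came up (10.1.1.7 is assumed to be the PPP address; corporate
# network 172.16.0.0/16 is reached through the tunnel gateway).
BASELINE = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.250        10.1.1.7       1
        10.1.1.0    255.255.255.0         10.1.1.7        10.1.1.7      20
       172.16.0.0      255.255.0.0       10.1.1.250        10.1.1.7       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
"""

# Constructed sample taken later: a more specific route for a corporate subnet
# now points at the local LAN gateway, steering that traffic around the tunnel.
LATER = BASELINE + (
    "       172.16.5.0    255.255.255.0      192.168.1.1    192.168.1.50       1\n"
)

ROUTE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)


def parse_route_print(text):
    """Map each (destination, netmask) to its (gateway, interface); other
    lines of the `route print` output are ignored."""
    table = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gw, iface, _metric = m.groups()
            table[(dest, mask)] = (gw, iface)
    return table


def route_table_delta(baseline_text, current_text):
    """Return (added, changed, removed) route keys, each sorted."""
    base, cur = parse_route_print(baseline_text), parse_route_print(current_text)
    added = sorted(k for k in cur if k not in base)
    removed = sorted(k for k in base if k not in cur)
    changed = sorted(k for k in cur if k in base and cur[k] != base[k])
    return added, changed, removed


def should_drop_tunnel(baseline_text, current_text):
    """Nortel-style policy from the thread: any routing change after connect
    ends the session, e.g. via `rasdial <entry> /disconnect` (entry assumed)."""
    return any(route_table_delta(baseline_text, current_text))
```

In a real watchdog the two strings would come from running `route print` once at connect time and again on each poll.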
