Terms you'll need to understand:
Techniques you'll need to master:
With all this talk about VPN security, it is hard to imagine that any additional security is necessary. Well, the cliché goes that a chain is only as strong as its weakest link. Now imagine your company's building is suspended from that chain, and it is the only thing keeping the building from collapsing and crumbling. Would you want to ensure that every link in that chain is strong enough? Albeit a little drastic, the analogy rings true for security practices. When should you feel secure enough to let your guard down? The answer is never. Security is always an ongoing process, and all aspects of security must be considered.

To this point, we have been primarily discussing how to fortify the central location with the VPN Concentrator. This also includes securing the remote access connections into that central location. One aspect we have not yet considered is securing the clients themselves. Any workstation employing a VPN client is susceptible to Trojan horses or other malicious services that can launch an attack or give access to secure data. If we cannot protect the clients that we trust, then they are liable to become the weak links in our overall security chain.

This chapter looks at the reasons clients can become a danger to your security implementation. After helping you identify the problem, it then provides a look at the solutions you can offer those clients in terms of firewall protection. In addition, it looks into the VPN Concentrator's unique ability to enforce firewall policies and to interact with these firewall clients.