Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
VPN Client Security
VPN Client Security

VPN Client Security
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
VPN Client Security David 08-29-2008
---> Re: VPN Client Security Paul Adare - MV...08-29-2008
Posted by David on August 29, 2008, 10:54 am
If you were  Registered and logged in, you could reply and use other advanced thread options


I'm interested in client security from the VPN.

For example if a VPN is established on a client (say either via a DLL or
Microsoft VPN), how does the client configure their machine to keep the
server side from using the VPN to browse or copy files from the client
machine?

Thanks
David



Posted by Paul Adare - MVP on August 29, 2008, 2:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


On Fri, 29 Aug 2008 14:26:07 -0400, David wrote:

> For example if as a client you are provided a DLL or VPN to link to a
> specific server, what keeps someone from the server side from using the DLL
> or VPN to view or manipulate the client system????

That isn't a client side setting, it is a server side setting. How it gets
set depends entirely on the VPN device in question.
Configuring security on the client side can mitigate this "issue". How you
go about that depends on the OS being used on the client. Whether or not it
is really an issue depends to a large degree on who owns the client
computer and whose VPN you're connecting to. If you're using a corporate
owned computer to access the corporation's VPN server then you really don't
have any expectation of privacy.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
This screen intentionally left blank.

Posted by Steve Riley [MSFT] on August 29, 2008, 3:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


Think of the VPN'ed client as being a full member of the remote network it
connected to. Clients locally-attached to that network can be accessed by
anything on that network. That's why I'm a big fan of using the Windows
firewall even on LANs. VPN clients are no different, really. Anything on the
remote network can connect to the VPN'ed client -- so proper client-side
security remains essential.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



> On Fri, 29 Aug 2008 14:26:07 -0400, David wrote:
>
>> For example if as a client you are provided a DLL or VPN to link to a
>> specific server, what keeps someone from the server side from using the
>> DLL
>> or VPN to view or manipulate the client system????
>
> That isn't a client side setting, it is a server side setting. How it gets
> set depends entirely on the VPN device in question.
> Configuring security on the client side can mitigate this "issue". How you
> go about that depends on the OS being used on the client. Whether or not
> it
> is really an issue depends to a large degree on who owns the client
> computer and whose VPN you're connecting to. If you're using a corporate
> owned computer to access the corporation's VPN server then you really
> don't
> have any expectation of privacy.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> This screen intentionally left blank.


Posted by David on August 29, 2008, 6:14 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


From responses it appears I'm either misunderstanding the response OR not
properly phrasing my question.

If I am a Independent client (not affiliated or an employee of the company
that owns the server) , and provided a DLL or VPN setup by a company to
access their server, how do I (as the client) protect myself under Windows
XP Pro from someone on the server side gaining access to my computer
(client) directories -- In other words can I keep them within their own
directory or user account -- details please on how to set up?





> Think of the VPN'ed client as being a full member of the remote network it
> connected to. Clients locally-attached to that network can be accessed by
> anything on that network. That's why I'm a big fan of using the Windows
> firewall even on LANs. VPN clients are no different, really. Anything on
> the remote network can connect to the VPN'ed client -- so proper
> client-side security remains essential.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
>> On Fri, 29 Aug 2008 14:26:07 -0400, David wrote:
>>
>>> For example if as a client you are provided a DLL or VPN to link to a
>>> specific server, what keeps someone from the server side from using the
>>> DLL
>>> or VPN to view or manipulate the client system????
>>
>> That isn't a client side setting, it is a server side setting. How it
>> gets
>> set depends entirely on the VPN device in question.
>> Configuring security on the client side can mitigate this "issue". How
>> you
>> go about that depends on the OS being used on the client. Whether or not
>> it
>> is really an issue depends to a large degree on who owns the client
>> computer and whose VPN you're connecting to. If you're using a corporate
>> owned computer to access the corporation's VPN server then you really
>> don't
>> have any expectation of privacy.
>>
>> --
>> Paul Adare
>> MVP - Identity Lifecycle Manager
>> http://www.identit.ca
>> This screen intentionally left blank.
>



Posted by Shenan Stanley on August 29, 2008, 6:40 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


David wrote:
> From responses it appears I'm either misunderstanding the response
> OR not properly phrasing my question.
>
> If I am a Independent client (not affiliated or an employee of the
> company that owns the server) , and provided a DLL or VPN setup by
> a company to access their server, how do I (as the client) protect
> myself under Windows XP Pro from someone on the server side gaining
> access to my computer (client) directories -- In other words can
> I keep them within their own directory or user account -- details
> please on how to set up?

If they setup your computer - and did it so you do not have administrative
rights and it is technically theirs - you are probably between a rock and a
hard place.

If it is your computer (or a computer provided by another company) and you
are an administrator - put anything you don't want them accessing in some
encrypted format (using Windows EFS or TrueCrypt or something else.)

Basically - what you seem to be asking has nothing to do with VPN in
particular - as you would have the same issue if using their wireless, their
wired networking, etc... You should secure your computer with file/folder
permissions and a Software Firewall if you will be using it on other
people's networks. Just connecting to another network (VPN or otherwise)
does not change your security settings or how they work. Your software
firewall should keep them from accessing your computer. Your file and
folder permissions are still in effect. Any other protection you have
(antivirus, antispyware, intrusion detection, etc) all still work the same.

If you are setup to stay protected - connecting to a VPN should just add to
that and encrypt the data you send/receive over said VPN connection. It
does not (or should not) eliminate or bypass your other protections.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



Similar ThreadsPosted
Forefront Client Security June 6, 2007, 1:07 pm
Novell VPN 3.8 Client and XP security privledges June 24, 2005, 9:58 am
client OS security under Virtual PC 2007 August 3, 2007, 12:34 pm
Forefront Client Security after-install problem July 5, 2007, 9:00 am
Error with Microsoft ForeFront Client Security May 28, 2008, 10:28 am
Failed to config. Forefront client security on sbs2003r2 July 22, 2008, 7:54 am
RDP Client & SSO September 6, 2005, 2:16 am
XDA2 VPN client January 5, 2006, 10:58 am
Antivirus on server or client? July 31, 2005, 6:50 am
Client can't reach SUS server December 13, 2005, 6:06 pm

The site map in XML format XML site map

Contact Us | Privacy Policy