Thu Aug 14 14:31:07 GMT 2003 VPN's thwart security?
I have several customers that have to use a VPN to one of their suppliers. It's really silly: all that the VPN access gives them over going to the same web site via http is that information at the web site is fifteen minutes delayed. It's just inventory data: is this item really available right now, and if so, grab it. Obviously no need for super-secret security here. Even if there were, if https is good enough for my bank, why isn't it good enough for this? Well, I've had that argument, but the folks that run the site don't get it, so we're stuck with the VPN.
Although I do not know all the details yet, it looks like this may have allowed the MSBLAST worm to get into my clients networks. I don't control the firewall at all of these places, but from what I know about some of them, the worm should not have been able to get in any other way. Most of these people have the VPN on just about all of their machines, so the damage was extensive.
VPN's are a great way to connect your own remote offices, but you should think twice before connecting your network to someone else in this way. If you have to do this, you need PC firewall software on each PC that connects. Configuring that to allow whatever you need from the other network while protecting you from any danger there can be quite tricky, so you may want to seek more expert advice.
Got something to add? Send me email.
More Articles by Tony Lawrence © 2009-11-07 Tony Lawrence
Today’s computers are not even close to a 4-year-old human in their ability to see, talk, move, or use common sense. One reason, of course, is sheer computing power. It has been estimated that the information processing capacity of even the most powerful supercomputer is equal to the nervous system of a snail—a tiny fraction of the power available to the supercomputer inside [our] skull. (Steven Pinker)