
RE: Windows 2000 and Cisco router interoperability



> From: CHINNA N.R. PELLACURU [mailto:pcn@cisco.com]

> When we use L2TP to provide a VPN link to a user into the private network,
> it is just emulating as if the user is on the private network. When a user
> requests for VPN access, he has to authenticate and prove his credentials
> before he can gain access to private network.
> 
> Once the user has gained access, he is virtually on the private network.
> He can do whatever he would be normally allowed to do when he is
> physically on the private network. So, if your private network allows one
> user to easily spoof other users, then that is _not_ a  failure of the VPN
> technology, but your security infrastructure in the private network.

This assumes that policy does treat 'dial-in' users as the same as networks
physically on the network.  I think this is an invalid assumption.  I am
sure that certain organisations would regard remote access as being less
secure and would want to restrict the resources that could be accessed
remotely.  This doesn't even have to mean that the VPN technology itself is
inadequate, merely that the environment that the remote user is operating in
may not be regarded to be secure enough.

Chris

