Date: Wed, 12 Apr 2000 14:44:18 -0700 (PDT)
From: net admin <admin@pacex.net>
To: FreeBSD-security@FreeBSD.org
Subject: VPN and Firewall security implementation
Message-ID: <Pine.BSF.4.10.10004121423290.61373-100000@almazs.pacex.net>

Hi Folks;

I am posting this question with the full understanding of the posting guidelines for this list, and according to the list charters I think my question qualifies as a security technical issue. If I am wrong I apologize.

We have FreeBSD-3.3-STABLE mail/HTTP/DNS/RADIUS servers on a LAN behind a Cisco IOS firewall/router setup, with some servers running ipfw for added security. Some of our corporate dialup clients are using various VPN implementations to dial to corporate networks through our network (some use MS VPN stuff and some use proprietary remote access S/W).

The problem we're having is that configuring our firewalls for mail/DNS/HTTP/RADIUS allows users full access to those services but not remote access to corporate LANs, and we don't know what services to allow to accommodate the corp. customer because of the varied implementations of VPN stuff out there.

We are now considering redesigning our firewall to deny specific services (known security holes) and allow the rest. I know it is bad design policy, but revenue is at stake here. What will be a sensible, security-conscious solution to this kind of problem?

Thanks, and sorry if I am being trivial.

Dan