Can a virus get propagated over a L2L?

Unanswered Question
Nov 3rd, 2009
User Badges:

Hello all, I have a question. I work at a hospital with about 500 PC's. A much larger hospital (40,000 PC's) wants me to setup a site-to-site VPN. My concern is this hospital got hit hard with the Confiker virus earlier in the year that took them a couple of weeks to get rid of, what is the chance that a virus will propagate over the site-to-site VPN and infect my PC's? I'm sure they would want to do subnets instead of host ACLs. I have an ASA with the SSM module installed; will this inspect encrypted VPN traffic?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
hobbe Mon, 11/16/2009 - 01:37
User Badges:
  • Gold, 750 points or more

To start with your original question, will a virus propagate over a L2L ?

Yes it will (as a general rule)


What are the chances of this happening ?

basically it is a question impossible to answer without more information, but I would state that if that is the virus method of spreading (networks) then I would say it is a very high probability that it would spread to your network to.


No the SSM will not inspect encrypted VPN traffic. (it is encrypted !)

However if the vpn is terminated in the same Device as the ssm is installed on I am shure that it is possible to use the SSM to check the traffic that is coming from the other side of the VPN and also the traffic leaving for the other side.


There is nothing stating that you can not do acls based on subnet, however only open the things that realy needs to be open and only between the hosts that needs it.

If you follow that rule (anything else is just stupid) you will end up with a combination of both subnet and hosts in the access-lists.


HTH



PaulWelc Mon, 11/16/2009 - 05:53
User Badges:

Thanks HTH, I figured this to be true. I will take a look at the SSM to see the impact of filtering the traffic.

Paul

Actions

This Discussion