cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
365
Views
5
Helpful
2
Replies

Can a virus get propagated over a L2L?

PaulWelc
Level 1
Level 1

Hello all, I have a question. I work at a hospital with about 500 PC's. A much larger hospital (40,000 PC's) wants me to setup a site-to-site VPN. My concern is this hospital got hit hard with the Confiker virus earlier in the year that took them a couple of weeks to get rid of, what is the chance that a virus will propagate over the site-to-site VPN and infect my PC's? I'm sure they would want to do subnets instead of host ACLs. I have an ASA with the SSM module installed; will this inspect encrypted VPN traffic?

2 Replies 2

hobbe
Level 7
Level 7

To start with your original question, will a virus propagate over a L2L ?

Yes it will (as a general rule)

What are the chances of this happening ?

basically it is a question impossible to answer without more information, but I would state that if that is the virus method of spreading (networks) then I would say it is a very high probability that it would spread to your network to.

No the SSM will not inspect encrypted VPN traffic. (it is encrypted !)

However if the vpn is terminated in the same Device as the ssm is installed on I am shure that it is possible to use the SSM to check the traffic that is coming from the other side of the VPN and also the traffic leaving for the other side.

There is nothing stating that you can not do acls based on subnet, however only open the things that realy needs to be open and only between the hosts that needs it.

If you follow that rule (anything else is just stupid) you will end up with a combination of both subnet and hosts in the access-lists.

HTH

Thanks HTH, I figured this to be true. I will take a look at the SSM to see the impact of filtering the traffic.

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: