Was wondering if there are any white papers or other documentation on security of the Cisco VPN and the spread of viruses. Attempting to convince the "powers that be" to allow home users to be able to connect to the corporate network via VPN. Serious concerns that the home systems will spread infections to the corporate network.
I don't believe that there are any white papers on this subject. But I do know some facts about lowering the risk of virus infections through a VPN tunnel:
- Only allow the right things!
Make sure that there is a well-thought-out access-list for what a VPN client may do in your network. If they only need RDP and DNS services, then it is up to you to configure a matching access-list to prevent unwanted applications or ports on your network!
- Require a Firewall!
You can configure an ASA or PIX with software version 7.x so that they require the VPN client to have an up-and-running firewall installed. If they don't have the required firewall software running: no entry! This is an option that can be configured on the Group Policy, named 'Client Firewall'. Make sure you check out this option!
- Internet Access!
It is quite dangerous to give the VPN client access to the internet at the same time you let them connect to the corporate network. Then they're able to download a virus while they are connected to your network! That's why it is not advisable to enable split-tunneling. You can give them internet access through the corporate internet connection if they actually need internet during the time they are connected. The VPN client then automatically sends all internet requests to the VPN endpoint, or even to a proxy on your network. It then sends the request to the internet using the corporate (usually) protected internet connection!
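A minimal ASA 7.x configuration that puts the three points above together, as an added example that is not from the original thread; every name, address and the pre-shared key placeholder is constructed, and the vpn-filter ACL direction should be confirmed against the command reference for the release in use:

```cisco
! Added example, not from the original post: an ASA 7.x remote-access group policy
! that applies the three controls above. All names and addresses are constructed:
!   VPN address pool  10.10.10.0/24   (handed to home users)
!   inside LAN        192.168.1.0/24  (RDP hosts), DNS server 192.168.1.10
!
! 1) Only allow the right things: RDP and DNS, nothing else. The vpn-filter ACL
!    is written with the VPN client as the source; the ASA enforces it on
!    decrypted traffic leaving the tunnel (confirm the direction semantics in
!    the command reference for your release before relying on it).
access-list VPN_FILTER extended permit tcp 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 3389
access-list VPN_FILTER extended permit udp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 53
access-list VPN_FILTER extended deny ip any any log
!
! Policy pushed to the Cisco VPN Client's integrated firewall (CPP), assumed
! here to block unsolicited inbound connections to the home PC and allow outbound.
access-list CLIENT_FW_IN extended deny ip any any
access-list CLIENT_FW_OUT extended permit ip any any
!
ip local pool HOME_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
group-policy HOME_USERS internal
group-policy HOME_USERS attributes
 dns-server value 192.168.1.10
 vpn-filter value VPN_FILTER
 ! 2) Require a firewall: "req" refuses the session if the client firewall
 !    is not running; "opt" would only warn. Other supported firewall
 !    vendors can be named here instead of cisco-integrated.
 client-firewall req cisco-integrated acl-in CLIENT_FW_IN acl-out CLIENT_FW_OUT
 ! 3) No split tunnelling: all client traffic, internet included, enters the tunnel
 split-tunnel-policy tunnelall
!
tunnel-group HOME_USERS type ipsec-ra
tunnel-group HOME_USERS general-attributes
 address-pool HOME_POOL
 default-group-policy HOME_USERS
tunnel-group HOME_USERS ipsec-attributes
 pre-shared-key <PLACEHOLDER-replace-with-a-strong-key>
!
! With tunnelall, the client's internet traffic arrives on "outside" and must
! leave on "outside" again through the corporate connection: permit the
! hairpin and NAT the pool (7.x NAT syntax).
same-security-traffic permit intra-interface
nat (outside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface
```

The final deny with `log` in VPN_FILTER is there so that anything a home PC tries beyond RDP and DNS shows up in syslog, which is the earliest sign of an infected client probing the corporate network.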