If I installed Altavista Tunnel at my location, behind my Firewall, to
act as a means for outside users to access resources within my network,
how would I limit their access to those internal resources?
Let's take the example of a previous poster who asked about securing a
box running a third-party proprietary package that needed to be accessed
by the vendor of that package. With VPN technology working at the
Firewall, I could ensure that their connection would be encrypted from
the Vendor's desktop to my Firewall, and then I could use the Firewall
to ensure that the Vendor could only do a limited number of network
services (say, telnet and ftp for example), and then also ensure that
they could do those services with a single box within my network. I
could use discretionary rules that might allow some clients full access
while limiting others.
In the case of an Altavista Tunnel arrangement, it's my understanding
that I could only ensure that the Vendor's desktop was encrypted to the
Tunnel server, and that after that I would have no ability to control
what network services that desktop could employ once they had been
authenticated at the Tunnel server.
It means that I might have to set up an arrangement like Untrusted Net
-- Firewall -- Tunnel Server -- Firewall -- Trusted Net.
Am I missing something in the abilities of Altavista Tunnel? Or am I
truly left giving full access to my entire Trusted Net to anyone who has
been authenticated at the Tunnel Server?
R.C. Consulting, Inc. - NT/Internet Security
NTBugTraq: Send SUBSCRIBE NTBUGTRAQ Your Name to LISTSERV @
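The layout the post ends up proposing (Untrusted Net -- Firewall -- Tunnel Server -- Firewall -- Trusted Net) moves the per-client, per-service restriction onto the inner firewall: the tunnel server only authenticates, and the filter behind it decides which authenticated client may reach which host and port. The following is an added example that models that inner-firewall policy; it is not code from the original post, from AltaVista Tunnel, or from any firewall product. The client address pool, the vendor's and staff's tunnel addresses, the Trusted Net range, the app box address and the rule names are all assumed values.

```python
"""Inner-firewall policy model for the layout
Untrusted Net -- Firewall -- Tunnel Server -- Firewall -- Trusted Net.

Authenticated tunnel clients reach the Trusted Net only through the inner
firewall, whose rules decide which client may reach which host and service.
All addresses and rule names below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import FrozenSet, List, Tuple

# Well-known TCP ports for the two services the post mentions.
SERVICE_PORTS = {"telnet": 23, "ftp": 21}


@dataclass(frozen=True)
class Flow:
    """One TCP connection attempt arriving at the inner firewall."""
    src: str     # tunnel-assigned client address
    dst: str     # host on the Trusted Net
    dport: int   # destination TCP port


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    dports: FrozenSet[int]  # empty set means "any port"
    action: str             # "permit" or "deny"

    def matches(self, flow: Flow) -> bool:
        return (
            ip_address(flow.src) in self.src
            and ip_address(flow.dst) in self.dst
            and (not self.dports or flow.dport in self.dports)
        )


def evaluate(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation; anything not explicitly permitted is denied."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed scenario (assumed values):
#   - the tunnel server hands authenticated clients addresses in 10.99.0.0/24;
#   - the vendor's desktop lands on 10.99.0.10 after authentication;
#   - internal staff clients land in 10.99.0.128/25;
#   - the vendor-supported box is 192.168.1.50 on Trusted Net 192.168.1.0/24.
INNER_FIREWALL_POLICY = [
    # Discretionary rule: this vendor gets telnet and ftp to one box only.
    Rule("vendor-to-app-box", ip_network("10.99.0.10/32"),
         ip_network("192.168.1.50/32"),
         frozenset(SERVICE_PORTS.values()), "permit"),
    # Discretionary rule: staff clients get full access to the Trusted Net.
    Rule("staff-full-access", ip_network("10.99.0.128/25"),
         ip_network("192.168.1.0/24"), frozenset(), "permit"),
]

# Constructed connection attempts to run through the policy.
SAMPLE_FLOWS = [
    Flow("10.99.0.10", "192.168.1.50", 23),    # vendor telnet to its box
    Flow("10.99.0.10", "192.168.1.50", 21),    # vendor ftp to its box
    Flow("10.99.0.10", "192.168.1.50", 139),   # vendor, other service, same box
    Flow("10.99.0.10", "192.168.1.20", 23),    # vendor telnet to another host
    Flow("10.99.0.200", "192.168.1.20", 139),  # staff client, any host/service
]


def audit(policy: List[Rule], flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Return one (flow, action, matched rule) entry per flow, for review."""
    return [(f, *evaluate(policy, f)) for f in flows]


if __name__ == "__main__":
    for flow, action, rule in audit(INNER_FIREWALL_POLICY, SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport:<4} {action:6} ({rule})")
```

Two points the model makes visible: the vendor's client is denied on the same box for any port outside the telnet/ftp set, and on any other host even for those ports, while a staff client in the full-access pool is permitted everywhere, which is the discretionary split the post asks for. Rule order matters under first-match evaluation, so keep the narrow vendor rule above any broader permit. A real packet filter also needs the ftp data channel handled (stateful ftp tracking, or passive mode with a bounded port range), since the control connection on port 21 alone does not carry the transfer.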