General discussion



By traccount
Does anyone know about having a VPN endpoint on a cable router? Does having the ability to be a VPN server on the router expose you to a greater risk than not having it? The router in question has great firewall features; however, our client is concerned about the VPN portion. They feel it would expose their network so that just anyone with a VPN client could try to access the network. Can anyone offer some suggestions or links where we could show them that the VPN would not be a problem?

Many thanks in advance for any input.


VPN Security

by mattbakeruk In reply to VPN

You don't need a VPN client to hack a router; any good hacker has an array of tools to get on. However, have a look at the article in the attached link. It gives a good basic understanding of VPN security.

There is a good piece in there about random user login.

Still, it would help if you put together a security piece for your customer - your supplier should provide you with most of this info. Explain how you aim to provide security on the connection: certificates, username, password, etc. Also stress to them that a VPN is dependent upon strong security on the network: patching, strong passwords, IPS, etc. If they trust you, they should take your word for it.

Secondly, get it tested by a qualified penetration tester. Charge the customer for this as proof, but someone should be able to do a proper test and report on this in one day. This should satisfy them completely that it is secure - assuming you've done the setup correctly.

by jdclyde In reply to VPN Security

When people VPN, do they need full access or just partial?

If they only need partial access to a set server or two, then move the servers onto their own DMZ LAN and let the remote users VPN into the DMZ.

More servers today should be on a DMZ instead of on the LAN anyways, as it segments the network, so if there is a compromise only a portion of the network is at risk.

Remember, most viruses can cross the LAN through shared drives and such.
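
The segmentation described in the post above, sketched as an added example that is not part of the original thread: an nftables forward chain for a Linux-based gateway, which is an assumption since the thread does not say what the router runs. The interface names (`tun0`, `dmz0`, `lan0`), subnets, server addresses and ports are all assumed values chosen for illustration.

```nft
# Added example. Assumed layout (not from the thread):
#   tun0 = VPN tunnel, clients in 10.8.0.0/24
#   dmz0 = DMZ LAN,    servers in 192.168.50.0/24
#   lan0 = office LAN, 192.168.1.0/24
table inet filter {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Remote VPN users reach only the two published DMZ servers,
        # and only on the services they need (assumed: HTTPS and SMB).
        iifname "tun0" oifname "dmz0" ip saddr 10.8.0.0/24 ip daddr { 192.168.50.10, 192.168.50.11 } tcp dport { 443, 445 } accept

        # VPN users never reach the office LAN directly; log attempts.
        iifname "tun0" oifname "lan0" log prefix "vpn-to-lan " drop

        # A compromised DMZ server cannot open connections into the LAN.
        iifname "dmz0" oifname "lan0" log prefix "dmz-to-lan " drop

        # Office LAN users may still use the DMZ servers.
        iifname "lan0" oifname "dmz0" accept
    }
}
```

The two logged drop rules are redundant with the default-drop policy, but they make attempts to cross from the VPN or DMZ into the LAN visible in the gateway's logs.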


Not needed?

by Choppit In reply to VPN

Any externally presented services increase the risk of intrusion. If you don't need a VPN, turn it off.


Intranet or internet?

by Jaqui In reply to VPN

If it is only for local use in the office, deny the entire VPN access to/from the internet.

If it is for e-commuting, it is another service for outside, which is a security risk.
Make it less so by using TightVNC, and only through SSL for access.

Any service visible to the outside is a risk.
If it has to be there, minimise the danger by using as much security as possible.
