CertCities.com -- The Ultimate Site for Certified IT Professionals


 Link State Update  
Eric Quinn


 Paranoia Is Good
Use Cisco's VPN Concentrator with ZoneAlarm to protect your users -- and yourself.
by Eric Quinn  
11/13/2002 -- Paranoia is good! And no, I'm not referring to the old role-playing game. I'm referring to the state that most security people live in. Change another well-known saying to "Even paranoid network admins have intruders," and you'll have a good idea of where this month's column is going.

The key to strong network security is to trust the users as far as you can throw them. Many companies that make money from protecting the perimeter of your network like to talk up the threats from outside. It's true that the most costly and knowledgeable threats are on the outside, but that doesn't change the fact that most network problems are caused directly or indirectly by your users: people who are trusted by the organization.

These same users need to connect to your network. Of course, it's a lot easier to manage computers that don't leave the building than ones that do. A muscle next to the left eye starts to twitch when you consider how many executives allow their children to use their laptop.

For these potentially untrustworthy devices that need to connect to your network remotely, Cisco has given users the option of creating VPN tunnels with firewall software configured on the remote workstation. Imagine being able to filter out inappropriate packets directly at the workstation, instead of configuring a CPU-intensive access list on a router or firewall.

First, you need to be using VPN Concentrator 3.5 or better along with client software of 3.5 or better. As for firewall support, while Cisco promises to increase the size of the list, the only two popular firewalls currently supported are ZoneAlarm and BlackICE Defender. At this time, ZoneAlarm is preferred because of its support for Concentrator-configured client protection policies. This is where the admin can configure Concentrator with a security policy and then, when the user creates a tunnel, the policy is pushed down to the user, configuring the firewall.

The protection policy is configured just like any interface filter on the Concentrator. The difference is that rather than placing the policy on a physical interface, you link it to the firewall setting of a group. Go over to Configuration, Settings and choose the group you want to configure. Modify the group and select "Client FW" for firewall configuration. Select "Policy Pushed" and choose the policy you just configured.

Another option is to have a policy from a Zone Labs Integrity server sent down to the client. This type of server is used in large environments to keep a consistent policy across many different VPN Concentrators and clients. If you start having trouble keeping the policies for the groups up to date across your many concentrators, you may wish to explore this product.

With a bit of luck, some technology and a healthy dose of paranoia, the corporate network can be a bit safer.


Eric Quinn, CCNP, CCDP, CCSI, is a security instructor and consultant. He is also co-author of the CCNP Remote Access Exam Cram by Coriolis Press. He writes the “Link State Update” column for TCPmag.com, and is a contributing editor for CertCities.com. Reach him at .

 




There are 18 CertCities.com user Comments for “Paranoia Is Good”
11/22/02: Anonymous says: Looking at Eric Quinn's Picture makes me paranoid. The picture is a nice touch to this article.