[ale] IPSec question

Geoffrey esoteric at 3times25.net
Tue Jul 20 12:26:51 EDT 2004


Stephan Uphoff wrote:
> Geoffrey wrote:
> 
>>Because they are supporting the service.  Again, you're at their mercy. 
>>  Most companies don't permit just anyone vpn type connectivity.  Since 
>>you don't 'manage' the firewall in question, you'll have to work with 
>>each company to get ipsec connectivity.
> 
> 
> But you can tunnel over HTTP/DNS/SMTP/ICMP....... any protocol };-)
> 
> You can easily leak informations through firewalls and even gateways
> if you control machines on both sides.

You might want to concern yourself with company policies in this area. 
I'll have to admit, my suggestions were assuming you were going to do 
things according to existing policies...

-- 
Until later, Geoffrey                     Registered Linux User #108567
Building secure systems in spite of Microsoft



More information about the Ale mailing list