XPost: comp.dcom.sys.cisco   
   From: martin.bodenstedt@gmx.de   
      
   Graham Murray schrieb:   
   > Martin Bodenstedt  writes:   
      
   >>Suddenly all other PC's on your local network can access the   
   >>customer's network and - which is worse - your customer's network has   
   >>a rogue internet connection (thru your PC) bypassing that network's   
   >>internet access policy.   
      
   > How is that going to happen without some serious reconfiguration both   
   > on your system and its local network? To take some (hypothetical)   
   > numbers. Your PC has IP address 192.168.0.2 on the local network. When   
   > you establish the VPN connection to the remote network this allocates   
   > you IP address 10.0.0.3 on that network.   
      
   The point - from a network administrators point of view - is simply that   
   it *can* be done (either actively by a remote user in a "destructive"   
   mood or by some imported malware).   
      
   > None of these things could happen accidentally. So if you are not   
   > trusted enough to not deliberately subvert the remote system's   
   > security then neither should you be trusted enough to have the VPN   
   > connection to the remote network.   
      
   It depends on what you call "accidentally". The point simply is that the   
   remote computer connecting via VPN is *not* under the control of the   
   corporate network administrator.   
      
      
   --   
   Martin Bodenstedt   
      
   (www.die-bodenstedts.de / www.maboko.de)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)