protecting network from clients

What sort of safeguards can be implemented to protect from virus
infections/trojans/etc on clients using VPN?  We have clients that only
use VPN to access our AS400, can we only allow them to use specific
ports for VPN?  I know we can 'require' them to have anti-virus and
firewall etc, but we can't easily enforce that requirement.

We have AV software on the servers and all our internal machines that
is updated weekly (McAfee ePO).

Thanks,
Mike




0
novell
2/19/2003 2:16:48 PM
novell.bordermanager.vpn

6 Replies
201 Views


hi,
unless you can enforce workstation based policies so that the client
can't disable the firewall and AV, I am not sure there is much you can
do.
Once the client is connected to the VPN he/she has access to your
internal resources, and therefore can be a means for viruses etc.
I am not sure what you mean about restricting the access to certain
ports. Can you clarify what you have in mind?
Thanks

--
Cat
Novell Support Connection Volunteer Sysop





0
CSL
2/19/2003 2:42:39 PM
No, we can't enforce those policies, they are remote connections from
other companies.

Since they are only using it to access AS400 services, which only
require certain ports to be used, is it possible to lock out other
ports in VPN?  Similar to the filter exceptions, but only applied to
VPN connections.

CSL wrote:

> hi,
> unless you can enforce workstation based policies so that the client
> can't disable the firewall and AV, I am not sure there is much you can
> do.
> Once the client is connected to the VPN he/she has access to your
> internal resources, and therefore can be a means for viruses etc.
> I am not sure what you mean about restricting the access to certain
> ports. Can you clarify what you have in mind?
> Thanks
>
> --
> Cat
> Novell Support Connection Volunteer Sysop
>
>




0
novell
2/19/2003 2:59:29 PM
hi,

Ok, I see.
You can set up packet filters on the VPTUNNEL board (in filtcfg use the
VPTUNNEL board exactly like any other interface). Block all packets
from/to this board directed to your internal servers and then open only
the needed packets with exceptions.
Note that playing with filters on the VPTUNNEL board is NOT something I
would do on a "production" environment :-)

--
Cat
Novell Support Connection Volunteer Sysop
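
The block-then-except rule order described in the reply above can be checked offline before touching a live server. This is an added example, not part of the thread and not filtcfg syntax: the interface name comes from the reply, while the addresses, the `Rule` class, both functions and TCP 23 as the AS/400 service port are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """One exception: traffic the VPN interface may send to an internal host."""
    dst: str      # host or network in CIDR form, e.g. "10.0.0.10/32"
    proto: str    # "tcp" or "udp"
    dport: int

# Constructed values, not taken from the thread.
VPN_IFACE = "VPTUNNEL"
INTERNAL_NET = ip_network("10.0.0.0/24")        # assumed internal server range
AS400 = "10.0.0.10"                             # assumed AS/400 address
EXCEPTIONS = [Rule(AS400 + "/32", "tcp", 23)]   # assumed service port

def verdict(iface, dst, proto, dport, exceptions=EXCEPTIONS):
    """Return 'allow', 'deny' or 'n/a' for one packet headed to dst."""
    if iface != VPN_IFACE or ip_address(dst) not in INTERNAL_NET:
        return "n/a"          # outside this filter set; other filters decide
    for r in exceptions:
        if ip_address(dst) in ip_network(r.dst) and (proto, dport) == (r.proto, r.dport):
            return "allow"    # matched an explicit exception
    return "deny"             # default: block VPN traffic to internal servers

def reachable(hosts, ports, exceptions=EXCEPTIONS):
    """List every (host, proto, port) a VPN client could still reach."""
    return [(h, p, n) for h in hosts for (p, n) in ports
            if verdict(VPN_IFACE, h, p, n, exceptions) == "allow"]

if __name__ == "__main__":
    hosts = [AS400, "10.0.0.20"]                       # constructed: AS/400 plus one other server
    ports = [("tcp", 23), ("tcp", 445), ("udp", 137)]  # constructed probe list
    for entry in reachable(hosts, ports):
        print("exposed to VPN clients:", entry)
```

Running `reachable` over every internal server and port of interest shows whether an exception was written too broadly, for example with a whole subnet as its destination instead of the single AS/400 host.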





0
CSL
2/19/2003 5:08:40 PM
Thanks,  I'll give that a try sometime.  I don't currently have a test
machine set up for that, they are all busy testing other things at the
moment :)

But I believe that is exactly what I was looking for.

-Mike

CSL wrote:

> hi,
>
> Ok, I see.
> You can set up packet filters on the VPTUNNEL board (in filtcfg use the
> VPTUNNEL board exactly like any other interface). Block all packets
> from/to this board directed to your internal servers and then open only
> the needed packets with exceptions.
> Note that playing with filters on the VPTUNNEL board is NOT something I
> would do on a "production" environment :-)
>
> --
> Cat
> Novell Support Connection Volunteer Sysop
>
>




0
novell
2/19/2003 6:16:58 PM
You are asking for a feature that is high on the list of things Novell
wants to add to BMgr 4 - a way to centrally control client-site
personal firewalls in order to have a VPN connection.  I would assume
that (personal) firewall could include antivirus protection.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://nscsysop.hypermart.net ***




0
Craig
2/20/2003 4:44:56 AM
hi Mike,

you are welcome. Let me know if you have other questions or troubles :-)

--
Cat
Novell Support Connection Volunteer Sysop





0
CSL
2/20/2003 8:11:46 AM