Security systems in DAX Networks

[anomit]

This is an article by Meera Venkipuram of Digit. Read it here.

Some excerpts:

Users access a remote server from their machines (with an SQL backend) and use PPTP (point-to-point tunnelling protocol) to access the server. However, firewall authentication is required at each and every stage."

sic....

After all, a network is as vulnerable as it's weakest link; the link, which most virus writers and spambots exploit the end user.

Now see the contradiction. If any bot/malware/spyware gets hold of the end user computer, whats the use of Firewall authentication at every step?
Thats how viruses and spywares get entry into company netwroks, thorugh a trusted machine. Same as the old rlogin exploits.

Not a very enlightening article.

 

[digen]

Lol mate its not a contradiction et all.Thats the way it works everywhere.Let me explain,
The need of the hour is access from anywhere in the wolrd round the clock.
The Firewall solution is primarily there to block & separate the internal network from the insecure internet.Its primary goal is it to block attacks & unwanted traffic from the outside getting in.
Though its a difficult task taking care of mobile devices[laptops & handhelds] & also there is no guarantee that employes take proper care & measures of the equipment that they use & properly lock it down & secure it to a extent.This is a different topic of concern altogether.

The solution to this problem apart from creating policies & implementing anti-spyware,anti-virus solutions of the employers computers[mobile devices] is to block egress ports at the firewall & only open ports which are needed.
More than one level authentication at the firewall is justified.Its just a added layer of security from the outside.

Forgive me but your views of it being a contradiction are wrong.There are ways to tackle the threats from the inside.Tell me if I need to explain anymore or any part which you havent understood.

 

[anomit]

If one is using the Tunneling protocol, aren't there security issues?

 

[digen]

Using a VPN[Virtual Private Network] with a IPSec or L2TP[Layer to tunneling protocol] carries information on a encrypted channel.They are the safest methods of processing information on the insecure internet....PERIOD

 

[anomit]

But there it says point-to-point instead of L2TP. These are different.

 

[digen]

P2PTP is also a protocol which supports VPN .Encrypted & secure data over the transmission channel.

P2PTP