Well yes and no, a well designed SSL VPN solution will terminate the
incoming connection on port 445 within the SSL VPN appliance itself.
The data requested is then re-requested by the SSL VPN appliance from the
relevant server and sent back to the requestor. This breaks the chain -
additionally a dedicated SSL VPN appliance such as the Aventail EX-750 or
1500 can actively scan your PC before connection adding another layer of
security and allowing the IT dept to maintain control over 'unknown' PC's.
OTHH: An IPSEC VPN connection typically allows an open end-to-end tunnel to
be created which blows by the firewall/download scanners and will allow a
port-scanning/share-scanning virus or worm to deploy it's payload (I've
witnessed this happening). A secured IPSEC VPN such as MS ISA 2004 on a 2003
server allows firewalling the VPN connection which improves matters.
Hope that helps
Chris Norris
Technical Director
Red Hot Networks Ltd
0870-2424981
-----Original Message-----
From: Evan Mann [mailto:emann (at) pinnaclefinancial (dot) com [email concealed]]
Sent: 18 November 2004 22:27
To: Beauford, Jason
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: SSL VPN Tunnels and Virus Transmission
Sure, why the heck not? All an SSL VPN tunnel does is provide an SSL
encrypted VPN tunnel between said unsecured/infected machine and your
internval virus protected number, that's all the VPN does. It does not
offer virus protection or threat protection. It created a virtual tunnel
making that said infected computer be almost just like it was
sitting in your internal virus protected network. All a virus has to
do is have logic to look for available networks and then travel across them,
not difficult.
You'd need to have other measures in place to protect your internal network
such as a quarantine that requires a virus scan/clean or installation on any
machine connecting over VPN, or you could secure the VPN to only allow
certain ports of traffic, etc.
-----Original Message-----
From: Beauford, Jason [mailto:jbeauford (at) EightInOnePet (dot) com [email concealed]]
Sent: Thursday, November 18, 2004 5:18 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: SSL VPN Tunnels and Virus Transmission
Group,
I want to know if it is possible / plausible that a virus can travel from an
unsecured and infected machine to an internal virus protected network via an
encrypted SSL VPN tunnel?
Thanks in advance.
JMB
--
This email has been verified as Virus free Virus Protection and more
available at http://www.plus.net
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
incoming connection on port 445 within the SSL VPN appliance itself.
The data requested is then re-requested by the SSL VPN appliance from the
relevant server and sent back to the requestor. This breaks the chain -
additionally a dedicated SSL VPN appliance such as the Aventail EX-750 or
1500 can actively scan your PC before connection adding another layer of
security and allowing the IT dept to maintain control over 'unknown' PC's.
OTHH: An IPSEC VPN connection typically allows an open end-to-end tunnel to
be created which blows by the firewall/download scanners and will allow a
port-scanning/share-scanning virus or worm to deploy it's payload (I've
witnessed this happening). A secured IPSEC VPN such as MS ISA 2004 on a 2003
server allows firewalling the VPN connection which improves matters.
Hope that helps
Chris Norris
Technical Director
Red Hot Networks Ltd
0870-2424981
-----Original Message-----
From: Evan Mann [mailto:emann (at) pinnaclefinancial (dot) com [email concealed]]
Sent: 18 November 2004 22:27
To: Beauford, Jason
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: SSL VPN Tunnels and Virus Transmission
Sure, why the heck not? All an SSL VPN tunnel does is provide an SSL
encrypted VPN tunnel between said unsecured/infected machine and your
internval virus protected number, that's all the VPN does. It does not
offer virus protection or threat protection. It created a virtual tunnel
making that said infected computer be almost just like it was
sitting in your internal virus protected network. All a virus has to
do is have logic to look for available networks and then travel across them,
not difficult.
You'd need to have other measures in place to protect your internal network
such as a quarantine that requires a virus scan/clean or installation on any
machine connecting over VPN, or you could secure the VPN to only allow
certain ports of traffic, etc.
-----Original Message-----
From: Beauford, Jason [mailto:jbeauford (at) EightInOnePet (dot) com [email concealed]]
Sent: Thursday, November 18, 2004 5:18 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: SSL VPN Tunnels and Virus Transmission
Group,
I want to know if it is possible / plausible that a virus can travel from an
unsecured and infected machine to an internal virus protected network via an
encrypted SSL VPN tunnel?
Thanks in advance.
JMB
--
This email has been verified as Virus free Virus Protection and more
available at http://www.plus.net
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.798 / Virus Database: 542 - Release Date: 18/11/2004
[ reply ]