Infection via VPN?

  • Thread starter: Charlie42

Charlie42

Hi

Simple question: Can a client infected with a trojan pass it on to a server
via a VPN connection?

Charlie
 
Mads Petersen said:

Ok, simple questions call for simple answers, I guess. :-) Would you care
to elaborate?

The server in question has Symantec Endpoint Security and is fully patched,
hence the network admin says it can not happen. But I am not convinced.

Charlie
 
www.google.com

: "Mads Petersen" wrote:
:
: > > Simple question: Can a client infected with a trojan pass it on to a
: > > server via a VPN connection?
: >
: > Yes.
:
: Ok, simple questions call for simple answers, I guess. :-) Would you care
: to elaborate?
:
: The server in question has Symantec Endpoint Security and is fully patched,
: hence the network admin says it can not happen. But I am not convinced.
:
: Charlie
:
:
 
Charlie42 said:
Ok, simple questions call for simple answers, I guess. :-) Would you care
to elaborate?

The server in question has Symantec Endpoint Security and is fully patched,
hence the network admin says it can not happen. But I am not convinced.

Charlie

If malware can successfully avoid SEP's heuristics and IDS, and if
matching malware fingerprint(s) haven't made it to the local database
on a timely basis, then the odds are improved /for/ infestation. VPN
(or not), the malware /could/ then be faithfully passed - intact.

If you quoted your network admin verbatim, your admin could have more
carefully couched his remark. No protection system is perfect. A
recent review of Symantec's Endpoint Protection let a /bit/ of malware
get past. However, overall, SEP is a good product.

<http://www.virusbtn.com/vb100/archive/2009/08>

What are the odds of your SEP protected system being infected from
your servers? Probably fairly low indeed.
 
From: "Charlie42" <[email protected]>


| Ok, simple questions call for simple answers, I guess. :-) Would you care
| to elaborate?

| The server in question has Symantec Endpoint Security and is fully patched,
| hence the network admin says it can not happen. But I am not convinced.

| Charlie


A VPN connection means there is a virtual network tunnel that exists between you and the
network you connect to. While a trojan is not a virus which can self replicate, a trojan
still can be passed from the VPN client to the hosting networking. A VPN is a doorway and
once opened you or anything can step through that doorway. How that happens is another
matter.
 
Charlie42 said:
Simple question: Can a client infected with a trojan pass it on to
a server via a VPN connection?

It looks like you fat-fingered the question and added more later. However -
if there is a network connection/path between two machines - there is a
possibility of passing various types of infections between them.

The VPN connection may be a nice and safe tunnel for your data to run
through against outside intrusion - but you are inside the tunnel -
transferring whatever you want.

Now - the server may have some protection - but if anyone ever says that
anything is unbreakable/cannot be infested/infected - they are wrong or just
overstating the low percentage chance.
 
David H. Lipman said:
A VPN connection means there is a virtual network tunnel that
exists between you and the network you connect to. While a
trojan is not a virus which can self replicate, a trojan
still can be passed from the VPN client to the hosting networking.
A VPN is a doorway and once opened you or anything can step
through that doorway. How that happens is another matter.

Thanks, David and Shenan.

The malware in question was a variant on the rogue Winweb Security program.
I have reinstalled Windows on the client now (a bit over the top, perhaps),
and made sure it is fully updated and protected. As for the server, well, I
figure that is the admin's problem. He's been notified.

Charlie
 
From: "Charlie42" <[email protected]>


| Thanks, David and Shenan.

| The malware in question was a variant on the rogue Winweb Security program.
| I have reinstalled Windows on the client now (a bit over the top, perhaps),
| and made sure it is fully updated and protected. As for the server, well, I
| figure that is the admin's problem. He's been notified.

| Charlie


Right. Make sure the VPN client is fully protected.
 
A VPN is simply another way to access a network, though usually a much slower
way. So the same risks can apply as to computers connected to the local
network.

There are ways to minimize the risk such as requiring L2TP to ensure
the computer is a domain computer since it will need a trusted certificate for
access, configuring packet filtering on the VPN server to manage what
traffic is allowed into the network, using NAP policies to make sure
computers pass health checks [Windows 2008], using VPN endpoint devices
that can scan traffic after it is decrypted and before it is sent to the network,
and of course making sure that servers are hardened, patched, and protected
with quality AV software.

Steve
 
The main danger here would be if the client was logged on with a Domain
Admin username and password whilst infected (or any user/pass combination
that matches an Admin account on the server). In this case the client would
have access to the C$ server share, and in principle could make any change it
likes to the server's OS.
 
You make a great point but I would hope a domain administrator would know
better but very possibly not.

Domain administrators should NEVER log on to any domain computer other than a
domain controller or known secure domain administration workstations and
ONLY if they need domain administrator powers to do specific tasks. Most
domain tasks can be delegated to domain users other than domain
administrators.

I always use Restricted Groups to create a group called localadmins in the
administrators group on domain workstations and then add regular domain user
accounts to that group for those delegated to doing administrator work on
workstations.

Steve
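
An added example, not written by any poster in this thread: a small detection pass over constructed Windows Security event records (4624 network logons, 5140 share access) that flags the two situations raised in the last two posts, admin-share access arriving from the VPN client pool and privileged accounts used from anywhere other than designated admin workstations. The address ranges, account names and workstation list are assumptions made for the example.

```python
import ipaddress

# Assumed values for illustration (not from the thread).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")   # addresses leased to VPN clients
ADMIN_WORKSTATIONS = {"10.1.0.5"}                 # known secure admin workstations
PRIVILEGED = {"da-ops", "administrator"}          # Domain Admin / matching admin names
ADMIN_SHARES = {"C$", "ADMIN$"}

# Constructed records shaped like Windows Security events 4624 (logon,
# LogonType 3 = network) and 5140 (a network share object was accessed).
EVENTS = [
    {"EventID": 4624, "TargetUserName": "charlie", "LogonType": 3, "IpAddress": "10.8.0.17"},
    {"EventID": 5140, "SubjectUserName": "charlie", "ShareName": r"\\*\Public", "IpAddress": "10.8.0.17"},
    {"EventID": 4624, "TargetUserName": "DA-Ops", "LogonType": 3, "IpAddress": "10.8.0.23"},
    {"EventID": 5140, "SubjectUserName": "DA-Ops", "ShareName": r"\\*\C$", "IpAddress": "10.8.0.23"},
    {"EventID": 5140, "SubjectUserName": "DA-Ops", "ShareName": r"\\*\C$", "IpAddress": "10.1.0.5"},
    {"EventID": 4624, "TargetUserName": "DA-Ops", "LogonType": 3, "IpAddress": "10.2.0.40"},
]

def from_vpn(ip):
    """True if the source address belongs to the VPN client pool."""
    try:
        return ipaddress.ip_address(ip) in VPN_POOL
    except ValueError:  # "-" or empty on local logons
        return False

def findings(events):
    """Return (rule, account, source_ip) for each event worth an analyst's look."""
    out = []
    for e in events:
        user = (e.get("TargetUserName") or e.get("SubjectUserName") or "").lower()
        ip = e.get("IpAddress", "-")
        if e["EventID"] == 5140:
            # ShareName looks like \\*\C$; keep only the share part.
            share = e["ShareName"].rsplit("\\", 1)[-1].upper()
            if share in ADMIN_SHARES and from_vpn(ip):
                out.append(("admin-share-over-vpn", user, ip))
        elif e["EventID"] == 4624 and e["LogonType"] == 3 and user in PRIVILEGED:
            if from_vpn(ip):
                out.append(("privileged-logon-over-vpn", user, ip))
            elif ip not in ADMIN_WORKSTATIONS:
                out.append(("privileged-logon-off-admin-host", user, ip))
    return out

if __name__ == "__main__":
    for f in findings(EVENTS):
        print(*f)
```

Event 5140 is only recorded when file-share auditing is enabled on the server, so the first rule depends on that audit policy being in place.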
 