Infection via VPN?

Discussion in 'Windows XP Security' started by Charlie42, Aug 21, 2009.

  1. Charlie42

    Charlie42 Guest

    Hi

    Simple question: Can a client infected with a trojan pass it on to a server
    via a VPN connection?

    Charlie
     
    Charlie42, Aug 21, 2009
    #1

  2. "Charlie42" <> wrote in message
    news:...
    > Hi
    >
    > Simple question: Can a client infected with a trojan pass it on to a
    > server
    > via a VPN connection?
    >
    > Charlie


    Yes.
     
    Mads Petersen, Aug 21, 2009
    #2

  3. Charlie42

    Charlie42 Guest

    "Mads Petersen" wrote:

    > > Simple question: Can a client infected with a trojan pass it on to a
    > > server
    > > via a VPN connection?

    >
    > Yes.


    Ok, simple questions call for simple answers, I guess. :) Would you care
    to elaborate?

    The server in question has Symantec Endpoint Security and is fully patched,
    hence the network admin says it can not happen. But I am not convinced.

    Charlie
     
    Charlie42, Aug 21, 2009
    #3
  4. Charlie42

    Tom Willett Guest

    www.google.com

    "Charlie42" <> wrote in message
    news:...
    : "Mads Petersen" wrote:
    :
    : > > Simple question: Can a client infected with a trojan pass it on to a
    : > > server
    : > > via a VPN connection?
    : >
    : > Yes.
    :
    : Ok, simple questions call for simple answers, I guess. :) Would you
    : care to elaborate?
    :
    : The server in question has Symantec Endpoint Security and is fully
    : patched, hence the network admin says it can not happen. But I am not
    : convinced.
    :
    : Charlie
    :
    :
     
    Tom Willett, Aug 21, 2009
    #4
  5. Charlie42

    Leonard Grey Guest

    Yes, of course. By itself a VPN offers zero protection against malware.
    ---
    Leonard Grey
    Errare humanum est

    Charlie42 wrote:
    > Hi
    >
    > Simple question: Can a client infected with a trojan pass it on to a server
    > via a VPN connection?
    >
    > Charlie
     
    Leonard Grey, Aug 21, 2009
    #5
  6. Charlie42

    1PW Guest

    Charlie42 wrote:
    > "Mads Petersen" wrote:
    >
    >>> Simple question: Can a client infected with a trojan pass it on to a
    >>> server
    >>> via a VPN connection?

    >> Yes.

    >
    > Ok, simple questions call for simple answers, I guess. :) Would you care
    > to elaborate?
    >
    > The server in question has Symantec Endpoint Security and is fully patched,
    > hence the network admin says it can not happen. But I am not convinced.
    >
    > Charlie


    If malware can successfully avoid SEP's heuristics and IDS, and if
    matching malware fingerprint(s) haven't made it to the local database
    on a timely basis, then the odds are improved /for/ infestation. VPN
    (or not), the malware /could/ then be faithfully passed - intact.

    If you quoted your network admin verbatim, your admin could have more
    carefully couched his remark. No protection system is perfect. A
    recent review of Symantec's Endpoint Protection let a /bit/ of malware
    get past. However, overall, SEP is a good product.

    <http://www.virusbtn.com/vb100/archive/2009/08>

    What are the odds of your SEP protected system being infected from
    your servers? Probably fairly low indeed.

    --
    1PW
     
    1PW, Aug 21, 2009
    #6
  7. From: "Charlie42" <>

    | "Mads Petersen" wrote:

    >> > Simple question: Can a client infected with a trojan pass it on to a
    >> > server
    >> > via a VPN connection?


    >> Yes.


    | Ok, simple questions call for simple answers, I guess. :) Would you care
    | to elaborate?

    | The server in question has Symantec Endpoint Security and is fully patched,
    | hence the network admin says it can not happen. But I am not convinced.

    | Charlie


    A VPN connection means there is a virtual network tunnel that exists between you and the
    network you connect to. While a trojan is not a virus which can self replicate, a trojan
    still can be passed from the VPN client to the hosting networking. A VPN is a doorway and
    once opened you or anything can step through that doorway. How that happens is another
    matter.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Aug 21, 2009
    #7
  8. Charlie42 wrote:
    > Simple question: Can a client infected with a trojan pass it on to
    > a server via a VPN connection?


    It looks like you fat-fingered the question and added more later. However -
    if there is a network connection/path between two machines - there is a
    possibility of passing various types of infections between them.

    The VPN connection may be a nice and safe tunnel for your data to run
    through against outside intrusion - but you are inside the tunnel -
    transferring whatever you want.

    Now - the server may have some protection - but if anyone ever says that
    anything is unbreakable/cannot be infested/infected - they are wrong or just
    overstating the low percentage chance.

    --
    Shenan Stanley
    MS-MVP
    --
    How To Ask Questions The Smart Way
    http://www.catb.org/~esr/faqs/smart-questions.html
     
    Shenan Stanley, Aug 22, 2009
    #8
  9. Charlie42

    Charlie42 Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

    > a VPN connection means there is a virtual network tunnel that
    > exists between you and the network you connect to. While a
    > trojan is not a virus which can self replicate, a trojan
    > still can be passed from the VPN client to the hosting networking.
    > A VPN is a doorway and once opened you or anything can step
    > through that doorway. How that happens is another matter.


    Thanks, David and Shenan.

    The malware in question was a variant on the rogue Winweb Security program.
    I have reinstalled Windows on the client now (a bit over the top, perhaps),
    and made sure it is fully updated and protected. As for the server, well, I
    figure that is the admin's problem. He's been notified.

    Charlie
     
    Charlie42, Aug 22, 2009
    #9
  10. From: "Charlie42" <>

    | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

    >> a VPN connection means there is a virtual network tunnel that
    >> exists between you and the network you connect to. While a
    >> trojan is not a virus which can self replicate, a trojan
    >> still can be passed from the VPN client to the hosting networking.
    >> A VPN is a doorway and once opened you or anything can step
    >> through that doorway. How that happens is another matter.


    | Thanks, David and Shenan.

    | The malware in question was a variant on the rogue Winweb Security program.
    | I have reinstalled Windows on the client now (a bit over the top, perhaps),
    | and made sure it is fully updated and protected. As for the server, well, I
    | figure that is the admin's problem. He's been notified.

    | Charlie


    Right. Make sure the VPN client is fully protected.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Aug 22, 2009
    #10
  11. Charlie42

    Old Rookie Guest

    A VPN is simply another way to access a network though usually a much slower
    way. So the same risks can apply as to computers connected to the local
    network.

    There are ways to minimize the risk such as requiring L2TP to ensure the
    computer is a domain computer since it will need a trusted certificate for
    access, configuring packet filtering on the VPN server to manage what
    traffic is allowed into the network, using NAP policies to make sure
    computers pass health checks [Windows 2008], using VPN endpoint devices
    that can scan traffic after it is decrypted and before sent to the network,
    and of course making sure that servers are hardened, patched, and protected
    with quality AV software.

    Steve

    "Charlie42" <> wrote in message
    news:...
    > Hi
    >
    > Simple question: Can a client infected with a trojan pass it on to a
    > server
    > via a VPN connection?
    >
    > Charlie
     
    Old Rookie, Aug 28, 2009
    #11
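Added example, not part of the original thread or any poster's code: a sketch of the default-deny packet filtering on the VPN server that post #11 describes, plus an audit that flags rules opening SMB/RPC ports to VPN clients. The address pool, server addresses and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All addresses, ports and rules below are constructed for illustration.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # addresses handed to VPN clients

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    dst: str         # destination network in CIDR form
    proto: str       # "tcp" or "udp"
    ports: range     # destination ports covered by the rule

# Allowlist for traffic leaving the tunnel: only what remote users need.
RULES = [
    Rule("allow", "10.0.10.5/32", "tcp", range(443, 444)),    # intranet web
    Rule("allow", "10.0.10.6/32", "tcp", range(3389, 3390)),  # terminal server
    Rule("allow", "10.0.10.2/32", "udp", range(53, 54)),      # DNS
]

def decide(src, dst, proto, port, rules=RULES):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    if ipaddress.ip_address(src) not in VPN_POOL:
        return "deny"   # only addresses assigned by the VPN server are admitted
    d = ipaddress.ip_address(dst)
    for r in rules:
        if d in ipaddress.ip_network(r.dst) and proto == r.proto and port in r.ports:
            return r.action
    return "deny"

def exposed(rules, risky_ports=(135, 139, 445)):
    """Audit: return allow rules that open RPC/NetBIOS/SMB ports to VPN clients."""
    return [r for r in rules
            if r.action == "allow" and r.proto == "tcp"
            and any(p in r.ports for p in risky_ports)]

if __name__ == "__main__":
    print(decide("10.99.0.17", "10.0.10.5", "tcp", 443))   # permitted service
    print(decide("10.99.0.17", "10.0.10.5", "tcp", 445))   # SMB is not on the list
    print(exposed(RULES))
```
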
  12. Charlie42

    Anteaus Guest

    The main danger here would be if the client was logged on with a Domain
    Admin username and password whilst infected. (or any user/pass combination
    that matches an Admin account on the server) In this case the client would
    have access to the C$ server share, and in principle could make any change it
    likes to the server's OS.

    "Charlie42" wrote:

    > Hi
    >
    > Simple question: Can a client infected with a trojan pass it on to a server
    > via a VPN connection?
    >
    > Charlie
     
    Anteaus, Aug 30, 2009
    #12
  13. Charlie42

    Old Rookie Guest

    You make a great point but I would hope a domain administrator would know
    better but very possibly not.

    Domain administrators should NEVER log on to any domain computer other than a
    domain controller or known secure domain administration workstations and
    ONLY if they need domain administrator powers to do specific tasks. Most
    domain tasks can be delegated to domain users other than domain
    administrators.

    I always use Restricted Groups to create a group called localadmins in the
    administrators group on domain workstations and then add regular domain user
    accounts to that group for those delegated to doing administrator work on
    workstations.

    Steve


    "Anteaus" <> wrote in message
    news:...
    >
    > The main danger here would be if the client was logged on with a Domain
    > Admin username and password whilst infected. (or any user/pass combination
    > that matches an Admin account on the server) In this case the client would
    > have access to the C$ server share, and in principle could make any change
    > it
    > likes to the server's OS.
    >
    > "Charlie42" wrote:
    >
    >> Hi
    >>
    >> Simple question: Can a client infected with a trojan pass it on to a
    >> server
    >> via a VPN connection?
    >>
    >> Charlie
     
    Old Rookie, Sep 6, 2009
    #13
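Added example, not part of the original thread or any poster's code: a check for the risk raised in posts #12 and #13, flagging privileged accounts that authenticate from the VPN address pool and any access to administrative shares arriving through the tunnel. The comma-separated record format, account names, addresses and sample records are constructed; adapt the parser to whatever your file server or log collector exports.

```python
import ipaddress

# Constructed sample data: the pool, account names and records are made up.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
PRIVILEGED = {"administrator", "da-steve"}   # assumed Domain Admins members
ADMIN_SHARES = {"C$", "ADMIN$"}

# Fields: timestamp, account, source IP, server, share
SAMPLE = """\
2009-08-21T09:02:11,charlie,10.99.0.17,SRV01,Projects
2009-08-21T09:05:40,da-steve,10.99.0.17,SRV01,C$
2009-08-21T09:06:02,da-steve,10.0.20.8,SRV01,C$
2009-08-21T09:07:30,charlie,10.99.0.23,SRV01,ADMIN$
"""

def parse(line):
    """Split one record and normalise the fields used for matching."""
    ts, account, src, server, share = line.strip().split(",")
    return {"ts": ts, "account": account.lower(),
            "src": ipaddress.ip_address(src),
            "server": server, "share": share.upper()}

def findings(text):
    """Return (ts, account, src, share, reasons) for risky VPN sessions."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        if e["src"] not in VPN_POOL:
            continue   # only sessions that arrived through the tunnel
        reasons = []
        if e["account"] in PRIVILEGED:
            reasons.append("privileged account over VPN")
        if e["share"] in ADMIN_SHARES:
            reasons.append("admin share access")
        if reasons:
            out.append((e["ts"], e["account"], str(e["src"]), e["share"], reasons))
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```
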