VPNs: How Private Are They?

CyberGatekeeper Remote Policy Enforcer keeps your users in compliance and your network secure.

No matter how big and bad a firewall sits between your corporate network and the Internet, you’re still vulnerable to attack from a most unexpected source—your remote secure connections.

InfoExpress, Inc. has introduced an interesting product to help plug this security hole: CyberGatekeeper Remote Policy Enforcer. Let’s examine how it works.

The CyberGatekeeper solution is a combo hardware/software package that consists of a hardware server, policy manager software and agent software. The CyberGatekeeper server evaluated was a 1U rack-mountable computer running Red Hat Linux on a Celeron processor. You don’t have to be a Linux expert to set up the server, as it simply boots directly into a DOS-type menu system where you can manually configure options or have the built-in wizards walk you through the configuration.

Product Information
InfoExpress Inc.
650-623-0260 www.infoexpress.com

The multi-homed server is designed to sit between your corporate VPN server and the corporate network. All incoming VPN connections are routed through the server where their configurations are audited for policy compliance and, accordingly, are granted or denied access to the network. The outside interface uses a virtual IP address so it’s possible to have multiple CyberGatekeeper servers on the same segment for load-balancing purposes. The agent can only be installed on Windows operating systems.

When a remote computer establishes an inbound VPN connection, the agent collects information about the computer, including the operating system, vendor-specific anti-virus program, vendor-specific personal firewall program, as well as a slew of other security-related audits. This information is passed on to the CyberGatekeeper server where it’s compared against predefined policies (see the figure). If the audit fails, the remote computer is denied access. You can configure a custom message that’s passed onto the client to indicate why the failure occurred, and the user can then make the appropriate changes to bring his or her computer into compliance.

You can define comprehensive policies that require a minimum configuration in order for a remote computer to access the corporate network. (Click image to view larger version.)

I created a sample policy that required that the remote computer run Windows XP. When I made the VPN connection, the computer passed the audit, as it was running Windows XP. When I changed the policy to require a BlackIce Defender personal firewall, the audit failed and access was denied because I was using the built-in XP firewall. You can define multiple criteria for the policy based on required or desired minimum configurations. You can also audit the registry for specific values (for example, making sure the RUN ONCE value is blank, as many viruses and Trojans will modify this registry entry).

CyberGatekeeper is an innovative solution that can protect these entry points through audited compliance with corporate security policies. It’s easy to configure even for the non-Linux expert and doesn’t require that your remote employees be techies. When it comes to securing the corporate network, CyberGatekeeper offers a viable solution for keeping VPNs private.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.


  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.