VPNs: How Private Are They?

CyberGatekeeper Remote Policy Enforcer keeps your users in compliance and your network secure.

No matter how big and bad a firewall sits between your corporate network and the Internet, you’re still vulnerable to attack from a most unexpected source—your remote secure connections.

InfoExpress, Inc. has introduced an interesting product to help plug this security hole: CyberGatekeeper Remote Policy Enforcer. Let’s examine how it works.

The CyberGatekeeper solution is a combo hardware/software package that consists of a hardware server, policy manager software and agent software. The CyberGatekeeper server evaluated was a 1U rack-mountable computer running Red Hat Linux on a Celeron processor. You don’t have to be a Linux expert to set up the server, as it simply boots directly into a DOS-type menu system where you can manually configure options or have the built-in wizards walk you through the configuration.

Product Information
InfoExpress Inc.
650-623-0260 www.infoexpress.com

The multi-homed server is designed to sit between your corporate VPN server and the corporate network. All incoming VPN connections are routed through the server where their configurations are audited for policy compliance and, accordingly, are granted or denied access to the network. The outside interface uses a virtual IP address so it’s possible to have multiple CyberGatekeeper servers on the same segment for load-balancing purposes. The agent can only be installed on Windows operating systems.

When a remote computer establishes an inbound VPN connection, the agent collects information about the computer, including the operating system, vendor-specific anti-virus program, vendor-specific personal firewall program, as well as a slew of other security-related audits. This information is passed on to the CyberGatekeeper server where it’s compared against predefined policies (see the figure). If the audit fails, the remote computer is denied access. You can configure a custom message that’s passed onto the client to indicate why the failure occurred, and the user can then make the appropriate changes to bring his or her computer into compliance.

You can define comprehensive policies that require a minimum configuration in order for a remote computer to access the corporate network. (Click image to view larger version.)

I created a sample policy that required that the remote computer run Windows XP. When I made the VPN connection, the computer passed the audit, as it was running Windows XP. When I changed the policy to require a BlackIce Defender personal firewall, the audit failed and access was denied because I was using the built-in XP firewall. You can define multiple criteria for the policy based on required or desired minimum configurations. You can also audit the registry for specific values (for example, making sure the RUN ONCE value is blank, as many viruses and Trojans will modify this registry entry).

CyberGatekeeper is an innovative solution that can protect these entry points through audited compliance with corporate security policies. It’s easy to configure even for the non-Linux expert and doesn’t require that your remote employees be techies. When it comes to securing the corporate network, CyberGatekeeper offers a viable solution for keeping VPNs private.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.


  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

  • Microsoft Browser Support for TLS 1.0 and 1.1 Ending 2H 2020

    Microsoft announced on Tuesday that its plans to drop support for Transport Layer Security (TLS) protocols 1.0 and 1.1 in its browsers will get delayed by a few months until the second half of this year.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.