@@ -332,7 +332,7 @@ There are various types of devices, but they all share that the firewall is mana
***Network devices**: VPN products are often deployed on network devices to tunnel traffic to remote endpoints. Such network devices (for example a router) are usually located on the edge between a private and public network and thus exposed to internal as well as external attack surfaces. A firewall is usually included by the underlying OS or hardware system for such network devices.
***Internet of Things, Consumer Gadgets and Appliances**: VPN products could be deployed on IoT devices, consumer gadgets, TVs or other appliances where the product is bound to the security model of the device hardware and operating system. The device might lack proper hardware security modules, firewall support, or enforce a relaxed security model (for example requiring the product to run as root without proper isolation between applications and users). Such devices are usually placed in private networks.
***Consumer Devices**: VPN products are often deployed on consumer devices such as tablets, computers or laptops of various operating systems. The product is bound to the security model of the hardware and operating system. While such devices usually support firewalls, proper user isolation, the actual security configuration of such systems depends on the security awareness of the operating administrating user. Consumer devices are located in private networks.
***Consumer Devices**: VPN products are often deployed on consumer devices such as tablets, computers or laptops of various operating systems. The product is bound to the security model of the hardware and operating system. While such devices usually support firewalls, proper user isolation, the actual security configuration of such systems depends on the security awareness of the operating administrating user and the configuration limitations of the underlying system. Consumer devices are located in private networks.
***Managed Endpoints**: Managed endpoints are professionally managed instances which are usually located on a physical or virtual server in a data center. While the firewall configuration is done by the administrating user, this user is assumed to have advanced security knowledge. Further, the server is usually located in an access restricted data center which transfers physical risk (for example memory snapshotting or injections) to the data center provider.