
Using Active Directory to authenticate internet users


    #11
    Originally posted by bekarovka
    Thank you for your answers. Unfortunately I can't use VPN as the requirement is very ad hoc access among a large user base.

    My main concern really is the implication of the ASP.Net application being in DMZ & communication with AD from there. I would think that there would need to be some extra configuration to get this to work. DMZ machine isn't in a domain. I will try the url that was recommended for asking this question.
    SSL VPN is a clientless solution and would be absolutely ideal for your environment. However, if your client has accepted the risk for not securing the transmission of developer code and AD authentication over the interweb, then fair enough. However, if I were you, I would give the client the option and advise them of the insecurities of doing non-encrypted uploads of code (i.e. 3rd-party interception, modification, etc. etc.) before you dismiss SSL VPN from the equation. Let them make the decision to take the risk, otherwise the risk may be transferred to you and you could be liable for any loss incurred by the client.
    If your company is the best place to work in, for a mere £500 p/d, you can advertise here.



      #12
      Last I looked, the MS-approved way is ISA server & client certificates. Not sure why all these big corporates waste their money on RSA fobs & VPNs.
      Always forgive your enemies; nothing annoys them so much.



        #13
        Originally posted by vetran
        Last I looked, the MS-approved way is ISA server & client certificates. Not sure why all these big corporates waste their money on RSA fobs & VPNs.
        There is more than one type of VPN: IPSEC VPN with or without authentication fobs, and SSL VPNs with or without authentication fobs. Authentication fobs are not critical for any type of IPSEC implementation, but would be helpful.

        The reason why people don't use the MS solutions is because the MS solutions don't meet their requirements for some reason or another. I've known a few councils to have thrown out ISA Proxy in favour of Bluecoat proxy because ISA was not up to the job of handling the load (often crashes).
        If your company is the best place to work in, for a mere £500 p/d, you can advertise here.



          #14
          Originally posted by vetran
          Last I looked, the MS-approved way is ISA server & client certificates. Not sure why all these big corporates waste their money on RSA fobs & VPNs.
          The key fob allows secure access by a person from any computer or internet device and if you lose your laptop you are not compromising security by losing a certificate.

          If you lose the keyfob, there is still the PIN and your password that the hacker will not know.

          I know a few companies that prefer this approach.



            #15
            I've never seen any problems with ISA crashing. In a couple of client firms I've had a pair of Enterprise ISA 2004 boxes load balanced as a proxy and firewall supporting up to 7000 users without issue. Had it up for over 6 months before rebooting. I would use it in conjunction with a hardware-based firewall though, such as the Cisco ASA, as the edge firewall.

            This goes without saying, but ensure your website traffic is encrypted using SSL to prevent AD passwords being sniffed.
