RE: [fw-wiz] VPN concentrators

From: Brian Ford (brford@cisco.com)
Date: 08/27/02


To: scouser@paradise.net.nz
Date: Tue Aug 27 10:58:01 2002

James,

At 10:53 PM 8/26/2002 -0400, firewall-wizards-request@honor.icsalabs.com wrote:

>So users would be employees. (totally untrustworthy :P)

Excellent call.

>Client software would probably depend on device as a number of beneficial
>features can be used if you match the client to the device (personal
>firewalls, automated upgrading of clients etc...)
>users would be about 250 initially but up to 4000 potentially in the future.

So here is a problem. 250 users that use one client operating system means
that you will need (to add?) a person to support (given some form of
personal Firewall and some automated updating of client software), and
monitor VPN clients usage full time. That's a nasty job if you add
additional operating systems (there will always be one platform that
doesn't get supported as well as others). That's multiple bodies as you
grow to 4000 users.

>Not sure what you mean by access control? Do you mean to internal
>resources? If VPN traffic could be split into different network pools
>then internal NIDS and ACLs could manage this (along with obvious
>host/resource access controls)

Would different VPN users belong to different groups, and would different
groups have more or less privileges or access to resources than others?

>What are these mysterious "IPSEC issues" that we are all aware of (or
>perhaps not in my case)??

No mystery. NAT handling. Getting through client-side firewalls or filters.

Liberty for All,

Brian
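The two IPsec issues named above, NAT handling and getting through client-side filters, worked through in code. This is an added example, not part of the original message or of any vendor's client. It models the NAT detection check as the later IKEv2 standard fixed it (RFC 7296, section 2.23): each peer sends SHA-1 digests of the SPIs plus the source and destination address/port it believes it is using; the receiver recomputes the digests from the addresses actually on the received packet, and any mismatch means a NAT rewrote them on the path, so ESP has to be wrapped in UDP on port 4500 (RFC 3948) instead of sent as raw IP protocol 50. The addresses, SPIs and the filter rule set are constructed sample values, and `passes_client_filter` is a stand-in for a personal firewall's policy, not any real product's rule format.

```python
# Added example (not from the original thread): how an IKE/IPsec peer detects a NAT
# on the path and falls back to UDP-encapsulated ESP. Digest layout follows
# IKEv2 (RFC 7296 s2.23): SHA-1(SPIi | SPIr | IP | Port). All addresses, SPIs
# and filter rules below are constructed sample values.
import hashlib
import ipaddress
import struct

IKE_PORT = 500       # plain IKE
NAT_T_PORT = 4500    # IKE and UDP-encapsulated ESP (RFC 3948) once a NAT is detected
ESP_PROTO = 50       # raw ESP is an IP protocol, not a TCP/UDP port


def nat_detection_digest(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """Value carried in a NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP notify."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    packed_ip = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()


def build_nat_notifies(spi_i, spi_r, local_ip, local_port, remote_ip, remote_port):
    """Sender side: digests of the addresses the sender *believes* the packet carries."""
    return {
        "source": nat_detection_digest(spi_i, spi_r, local_ip, local_port),
        "destination": nat_detection_digest(spi_i, spi_r, remote_ip, remote_port),
    }


def detect_nat(spi_i, spi_r, observed_src_ip, observed_src_port,
               local_ip, local_port, peer_notifies):
    """Receiver side: compare the peer's claims with what the packet actually shows.

    peer SOURCE digest != digest of the address the packet arrived from -> peer is behind a NAT
    peer DESTINATION digest != digest of our own address               -> we are behind a NAT
    """
    seen_source = nat_detection_digest(spi_i, spi_r, observed_src_ip, observed_src_port)
    own_address = nat_detection_digest(spi_i, spi_r, local_ip, local_port)
    peer_behind_nat = peer_notifies["source"] != seen_source
    local_behind_nat = peer_notifies["destination"] != own_address
    return peer_behind_nat, local_behind_nat


def choose_esp_transport(peer_behind_nat, local_behind_nat):
    """Raw ESP cannot survive address/port rewriting, so any NAT forces UDP encapsulation."""
    if peer_behind_nat or local_behind_nat:
        return ("udp", NAT_T_PORT)
    return ("esp", ESP_PROTO)


def passes_client_filter(transport, allowed):
    """Does a client-side firewall or filter let the chosen transport through?

    `allowed` is a set of ("udp", port) and ("ip", protocol) entries (a hypothetical
    policy format). Filters that only understand TCP/UDP have no rule for IP protocol 50
    and silently drop raw ESP, while UDP 4500 looks like ordinary UDP to them.
    """
    kind, number = transport
    return (kind, number) in allowed if kind == "udp" else ("ip", number) in allowed


def simulate_handshake(client_behind_nat: bool):
    """Client (initiator) sends IKE_SA_INIT to the gateway (responder). Constructed addresses."""
    spi_i = bytes.fromhex("0102030405060708")
    spi_r = bytes.fromhex("0000000000000000")   # responder SPI is zero in the first message
    client_ip, client_port = "192.168.1.10", IKE_PORT
    gateway_ip, gateway_port = "203.0.113.5", IKE_PORT
    # The client only knows its private address; a NAT on the path rewrites it in flight.
    notifies = build_nat_notifies(spi_i, spi_r, client_ip, client_port, gateway_ip, gateway_port)
    if client_behind_nat:
        observed_ip, observed_port = "198.51.100.7", 41234  # NAT's public address and mapped port
    else:
        observed_ip, observed_port = client_ip, client_port
    peer_nat, local_nat = detect_nat(spi_i, spi_r, observed_ip, observed_port,
                                     gateway_ip, gateway_port, notifies)
    return {
        "client_behind_nat": peer_nat,
        "gateway_behind_nat": local_nat,
        "esp_transport": choose_esp_transport(peer_nat, local_nat),
    }


if __name__ == "__main__":
    udp_only_filter = {("udp", IKE_PORT), ("udp", NAT_T_PORT)}   # constructed personal-firewall policy
    for behind_nat in (False, True):
        result = simulate_handshake(behind_nat)
        print(f"client behind NAT={behind_nat}: {result}")
        print("  passes UDP-only client filter:",
              passes_client_filter(result["esp_transport"], udp_only_filter))
```

The point the two runs make is that the same client works or fails depending on what sits in front of it: with no NAT the gateway selects raw ESP, which a client-side filter that only knows TCP/UDP drops; behind a NAT the detection trips, ESP moves into UDP 4500 and the same filter passes it. A deployment that must work from arbitrary home and hotel networks therefore needs both NAT-T support in the client and filter rules for UDP 500 and 4500, not just IP protocol 50.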


