RE: Securing Web access from internet

From: Meidinger Chris (chris.meidinger_at_badenit.de)
Date: 08/07/03

    To: "'gillettdavid@fhda.edu'" <gillettdavid@fhda.edu>, 'Bob Freeman' <cm94@hotmail.com>, security-basics@securityfocus.com
    Date: Thu, 7 Aug 2003 08:48:57 +0100 
    
    

    I agree, authenticating on the firewall is the best way to go.
    Checkpoint FW-1 and RSA SecurID work great together too for this.

    badenIT GmbH
    System Support
     
    Chris Meidinger
    Tullastrasse 70
    79108 Freiburg

    ______________

    There are 10 kinds of people on the planet:
    those who understand binary, and those who don't.

    -----Original Message-----
    From: David Gillett [mailto:gillettdavid@fhda.edu]
    Sent: Wednesday, August 06, 2003 10:57 PM
    To: 'Bob Freeman'; security-basics@securityfocus.com
    Subject: RE: Securing Web access from internet

      Years back, I worked on a network where we had a requirement
    like this, which we met by deploying a PIX as gateway with an
    attached TACACS+ server. Clients who telnetted to the gateway
    and authenticated against TACACS+ got access to the network
    beyond the gateway.
      More recently, I've been using some of the authentication
    services offered by CheckPoint's FW-1 firewall and BlueSocket's
    "wireless" security box. I suspect that user authentication
    as a firewall feature has become fairly widespread, although
    I'm not sure how common on boxes costing less than about $10K.

    David Gillett

    > -----Original Message-----
    > From: Bob Freeman [mailto:cm94@hotmail.com]
    > Sent: August 6, 2003 08:58
    > To: security-basics@securityfocus.com
    > Subject: Securing Web access from internet
    >
    > Hi everyone,
    >
    > We have a web application on our LAN (based on IIS) and we want
    > to make this web application available from the internet for
    > specific users/workstations.
    >
    > 1) I want to make sure that these users/workstations are
    >    authenticated BEFORE accessing the local network.
    > 2) I want to make sure that the information transiting on the
    >    public network is encrypted.
    > 3) I would prefer to not have anything to install on the remote
    >    workstations (if possible).
    > 4) I don't want a VPN solution.
    >
    > I don't know much about the product I need but I suppose it would
    > be a kind of web relay/authentication server installed in our DMZ.
    > Do you have a product to propose?
    >
    > Thanks
    > Bob Freeman