Re: Teleworking

From: David Lanagan (DLanagan_at_sterlinginsurancegroup.com)
Date: 11/17/03

  • Next message: Mike: "Blocking IRC Access"
    Date: Mon, 17 Nov 2003 09:32:23 +0000
    To: <JGrimshaw@ASAP.com>
    
    

    First of all thankyou to all of you that replied, helpful info.

    I'm loooking at going along the lines of:

    Client-side
    Norton Personal Firewall on the client
    Cisco VPN Client running on local PC
    ADSL router runing VPN passthrough and full firewall
    RSA SecurID hardware token

    Server-side
    Cisco PIX running 3DES VPN
    RSA SecurID server
    Citrix Remote desktop delivered to clients
    +other security we have already at the HO

    I think this provides a secure-enough solution bearing in mind we will have strict user/password security policies enforced also.

    What do you think.....?

    ________________________________________________________________________
    Dave Lanagan
    Lead - Infrastructure Development
    Tel: 020 8334 1548
    Fax: 020 8948 0161
    Mail: dlanagan@sterlinginsurancegroup.com

    >>> <JGrimshaw@ASAP.com> 11/13/03 05:21pm >>>
    I didn't realize you were actually looking for a reply until you sent the
    second message.

    Since he never mentioned firewalls to begin with, just VPNs, I stuck with
    just the VPNs.

    But yes, it would be a good idea to implement some sort of client
    firewall. I think he needs to solve his VPN issues first, though! It is a
    bit of a chicken-or-the-egg proposal, which to deploy first--but he seems
    focused on VPNs at the moment.

    Ramsy <ramsyl@itsecure.com>
    11/11/2003 11:04 PM

    To
    David Lanagan <DLanagan@sterlinginsurancegroup.com>
    cc
    JGrimshaw@ASAP.com, security-basics@securityfocus.com
    Subject
    Re: Teleworking

    Hi

    What about a firewall ? VPN with out a firewall can be hole!
    Sonicwall box has inbuilt vpn and firewall capabilities and good
    performance

    Regards
    Ramsy

    JGrimshaw@ASAP.com wrote:

    > You could always allow for a Cisco router at the employees home; a DSL
    or
    > cable router in the 800 series of routers would work, with the option of
    a
    > hardware VPN accelerator.
    >
    > Some models have a four-port switch installed, and you can configure the
    > router to allow only specific MAC addresses to connect via the VPN
    tunnel.
    > So, Bob from Accounting can connect from his work issued laptop,
    without
    > any client installed on it (and as such, would never need updating) and
    he
    > can connect his printer to the switch, have a wireless home network
    access
    > point hooked up and the rest of his family--but only his laptop would
    > touch the tunnel (or if you prefer, his printer too).
    >
    > The tunnel can connect to a PIX or a router at the business.
    >
    > If VoIP was deployed, you cannot use QoS on the PIX, but you could on
    the
    > router. So, if a scheduled backup job kicked off when the employee was
    > connected, VoIP would suffer if you terminated the tunnel on a PIX. But
    > if its a router-to-router connection, you could configure for VoIP
    traffic
    > to receive priority.
    >
    > "David Lanagan" <DLanagan@sterlinginsurancegroup.com>
    > 11/10/2003 04:39 AM
    >
    > To
    > <security-basics@securityfocus.com>
    > cc
    >
    > Subject
    > Teleworking
    >
    > I'm about to embark on a teleworking project and would like to ask you
    > guys the following...
    >
    > I was going to be using Cisco-based 3des VPNs out to clients who will
    use
    > the vpn client s/w loaded on their machines, an adsl connection and
    citrix
    > for a remote desktop.
    >
    > I was going to employ a securID or similar box to provide additional
    > security.
    >
    > Could anyone out there recommend any other options? I want the
    connection
    > to be very secure and allow for a concurrent usage of up to 50 clients
    > coming in at any one time.
    >
    > Your help will be much appreciated...
    >
    > Regards,
    >
    > Dave.
    >
    > ________________________________________________________________________
    > Dave Lanagan
    > Lead - Infrastructure Development
    > Tel: 020 8334 1548
    > Fax: 020 8948 0161
    > Mail: dlanagan@sterlinginsurancegroup.com
    >
    > The information transmitted is intended only for the person or
    > entity to which it is addressed and may contain confidential
    > and/or privileged material. Any review, retransmission,
    > dissemination or other use of, or taking of anyaction in reliance
    > upon, this information by persons or entities other than the
    > intended recipient is prohibited. If you received this in error,
    > please contact the sender and delete the material from any
    > computer. The views expressed in this message do not necessarily
    > reflect those of Sterling Insurance Group Ltd or any of its
    > subsidiary companies.
    >
    >
    ---------------------------------------------------------------------------
    > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > The Presidio integrates PGP data encryption and XML Web Services
    security
    > to
    > simplify the management and deployment of PGP and reduce overall PGP
    costs
    >
    > by up to 80%.
    > FREE WHITEPAPER & 30 Day Trial -
    > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    >
    ----------------------------------------------------------------------------
    >
    >
    ---------------------------------------------------------------------------
    > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > The Presidio integrates PGP data encryption and XML Web Services
    security to
    > simplify the management and deployment of PGP and reduce overall PGP
    costs
    > by up to 80%.
    > FREE WHITEPAPER & 30 Day Trial -
    > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    >
    ----------------------------------------------------------------------------

    --------------------------------------------------------------
    I T Secure, Mumbai, India

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security
    to
    simplify the management and deployment of PGP and reduce overall PGP costs

    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

    The information transmitted is intended only for the person or
    entity to which it is addressed and may contain confidential
    and/or privileged material. Any review, retransmission,
    dissemination or other use of, or taking of anyaction in reliance
    upon, this information by persons or entities other than the
    intended recipient is prohibited. If you received this in error,
    please contact the sender and delete the material from any
    computer. The views expressed in this message do not necessarily
    reflect those of Sterling Insurance Group Ltd or any of its
    subsidiary companies.

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------


  • Next message: Mike: "Blocking IRC Access"