Re: Teleworking
From: David Lanagan (DLanagan_at_sterlinginsurancegroup.com)
Date: 11/17/03
- Previous message: Doug Reed: "Re: Linux for newbies"
- Maybe in reply to: David Lanagan: "Teleworking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Nov 2003 09:32:23 +0000 To: <JGrimshaw@ASAP.com>
First of all thankyou to all of you that replied, helpful info.
I'm loooking at going along the lines of:
Client-side
Norton Personal Firewall on the client
Cisco VPN Client running on local PC
ADSL router runing VPN passthrough and full firewall
RSA SecurID hardware token
Server-side
Cisco PIX running 3DES VPN
RSA SecurID server
Citrix Remote desktop delivered to clients
+other security we have already at the HO
I think this provides a secure-enough solution bearing in mind we will have strict user/password security policies enforced also.
What do you think.....?
________________________________________________________________________
Dave Lanagan
Lead - Infrastructure Development
Tel: 020 8334 1548
Fax: 020 8948 0161
Mail: dlanagan@sterlinginsurancegroup.com
>>> <JGrimshaw@ASAP.com> 11/13/03 05:21pm >>>
I didn't realize you were actually looking for a reply until you sent the
second message.
Since he never mentioned firewalls to begin with, just VPNs, I stuck with
just the VPNs.
But yes, it would be a good idea to implement some sort of client
firewall. I think he needs to solve his VPN issues first, though! It is a
bit of a chicken-or-the-egg proposal, which to deploy first--but he seems
focused on VPNs at the moment.
Ramsy <ramsyl@itsecure.com>
11/11/2003 11:04 PM
To
David Lanagan <DLanagan@sterlinginsurancegroup.com>
cc
JGrimshaw@ASAP.com, security-basics@securityfocus.com
Subject
Re: Teleworking
Hi
What about a firewall ? VPN with out a firewall can be hole!
Sonicwall box has inbuilt vpn and firewall capabilities and good
performance
Regards
Ramsy
JGrimshaw@ASAP.com wrote:
> You could always allow for a Cisco router at the employees home; a DSL
or
> cable router in the 800 series of routers would work, with the option of
a
> hardware VPN accelerator.
>
> Some models have a four-port switch installed, and you can configure the
> router to allow only specific MAC addresses to connect via the VPN
tunnel.
> So, Bob from Accounting can connect from his work issued laptop,
without
> any client installed on it (and as such, would never need updating) and
he
> can connect his printer to the switch, have a wireless home network
access
> point hooked up and the rest of his family--but only his laptop would
> touch the tunnel (or if you prefer, his printer too).
>
> The tunnel can connect to a PIX or a router at the business.
>
> If VoIP was deployed, you cannot use QoS on the PIX, but you could on
the
> router. So, if a scheduled backup job kicked off when the employee was
> connected, VoIP would suffer if you terminated the tunnel on a PIX. But
> if its a router-to-router connection, you could configure for VoIP
traffic
> to receive priority.
>
> "David Lanagan" <DLanagan@sterlinginsurancegroup.com>
> 11/10/2003 04:39 AM
>
> To
> <security-basics@securityfocus.com>
> cc
>
> Subject
> Teleworking
>
> I'm about to embark on a teleworking project and would like to ask you
> guys the following...
>
> I was going to be using Cisco-based 3des VPNs out to clients who will
use
> the vpn client s/w loaded on their machines, an adsl connection and
citrix
> for a remote desktop.
>
> I was going to employ a securID or similar box to provide additional
> security.
>
> Could anyone out there recommend any other options? I want the
connection
> to be very secure and allow for a concurrent usage of up to 50 clients
> coming in at any one time.
>
> Your help will be much appreciated...
>
> Regards,
>
> Dave.
>
> ________________________________________________________________________
> Dave Lanagan
> Lead - Infrastructure Development
> Tel: 020 8334 1548
> Fax: 020 8948 0161
> Mail: dlanagan@sterlinginsurancegroup.com
>
> The information transmitted is intended only for the person or
> entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of anyaction in reliance
> upon, this information by persons or entities other than the
> intended recipient is prohibited. If you received this in error,
> please contact the sender and delete the material from any
> computer. The views expressed in this message do not necessarily
> reflect those of Sterling Insurance Group Ltd or any of its
> subsidiary companies.
>
>
---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services
security
> to
> simplify the management and deployment of PGP and reduce overall PGP
costs
>
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
>
----------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services
security to
> simplify the management and deployment of PGP and reduce overall PGP
costs
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
>
----------------------------------------------------------------------------
--------------------------------------------------------------
I T Secure, Mumbai, India
---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security
to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of anyaction in reliance
upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error,
please contact the sender and delete the material from any
computer. The views expressed in this message do not necessarily
reflect those of Sterling Insurance Group Ltd or any of its
subsidiary companies.
---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------
- Previous message: Doug Reed: "Re: Linux for newbies"
- Maybe in reply to: David Lanagan: "Teleworking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
