Re: Teleworking

From: David Lanagan (DLanagan_at_sterlinginsurancegroup.com)
Date: 11/17/03

    Date: Mon, 17 Nov 2003 09:32:23 +0000
    To: <JGrimshaw@ASAP.com>
    
    

    First of all, thank you to all of you that replied, helpful info.

    I'm looking at going along the lines of:

    Client-side
    Norton Personal Firewall on the client
    Cisco VPN Client running on local PC
    ADSL router running VPN passthrough and full firewall
    RSA SecurID hardware token

    Server-side
    Cisco PIX running 3DES VPN
    RSA SecurID server
    Citrix Remote desktop delivered to clients
    +other security we have already at the HO

    I think this provides a secure-enough solution bearing in mind we will have strict user/password security policies enforced also.

    What do you think.....?

    ________________________________________________________________________
    Dave Lanagan
    Lead - Infrastructure Development
    Tel: 020 8334 1548
    Fax: 020 8948 0161
    Mail: dlanagan@sterlinginsurancegroup.com

    >>> <JGrimshaw@ASAP.com> 11/13/03 05:21pm >>>
    I didn't realize you were actually looking for a reply until you sent the
    second message.

    Since he never mentioned firewalls to begin with, just VPNs, I stuck with
    just the VPNs.

    But yes, it would be a good idea to implement some sort of client
    firewall. I think he needs to solve his VPN issues first, though! It is a
    bit of a chicken-or-the-egg proposal, which to deploy first--but he seems
    focused on VPNs at the moment.

    Ramsy <ramsyl@itsecure.com>
    11/11/2003 11:04 PM

    To
    David Lanagan <DLanagan@sterlinginsurancegroup.com>
    cc
    JGrimshaw@ASAP.com, security-basics@securityfocus.com
    Subject
    Re: Teleworking

    Hi

    What about a firewall? VPN without a firewall can be a hole!
    Sonicwall box has inbuilt vpn and firewall capabilities and good
    performance

    Regards
    Ramsy

    JGrimshaw@ASAP.com wrote:

    > You could always allow for a Cisco router at the employee's home; a DSL or
    > cable router in the 800 series of routers would work, with the option of a
    > hardware VPN accelerator.
    >
    > Some models have a four-port switch installed, and you can configure the
    > router to allow only specific MAC addresses to connect via the VPN tunnel.
    > So, Bob from Accounting can connect from his work issued laptop, without
    > any client installed on it (and as such, would never need updating) and he
    > can connect his printer to the switch, have a wireless home network access
    > point hooked up and the rest of his family--but only his laptop would
    > touch the tunnel (or if you prefer, his printer too).
    >
    > The tunnel can connect to a PIX or a router at the business.
    >
    > If VoIP was deployed, you cannot use QoS on the PIX, but you could on the
    > router. So, if a scheduled backup job kicked off when the employee was
    > connected, VoIP would suffer if you terminated the tunnel on a PIX. But
    > if it's a router-to-router connection, you could configure for VoIP traffic
    > to receive priority.
    >
    > "David Lanagan" <DLanagan@sterlinginsurancegroup.com>
    > 11/10/2003 04:39 AM
    >
    > To
    > <security-basics@securityfocus.com>
    > cc
    >
    > Subject
    > Teleworking
    >
    > I'm about to embark on a teleworking project and would like to ask you
    > guys the following...
    >
    > I was going to be using Cisco-based 3des VPNs out to clients who will use
    > the vpn client s/w loaded on their machines, an adsl connection and citrix
    > for a remote desktop.
    >
    > I was going to employ a securID or similar box to provide additional
    > security.
    >
    > Could anyone out there recommend any other options? I want the connection
    > to be very secure and allow for a concurrent usage of up to 50 clients
    > coming in at any one time.
    >
    > Your help will be much appreciated...
    >
    > Regards,
    >
    > Dave.
    >
    > ________________________________________________________________________
    > Dave Lanagan
    > Lead - Infrastructure Development
    > Tel: 020 8334 1548
    > Fax: 020 8948 0161
    > Mail: dlanagan@sterlinginsurancegroup.com
    >
    > The information transmitted is intended only for the person or
    > entity to which it is addressed and may contain confidential
    > and/or privileged material. Any review, retransmission,
    > dissemination or other use of, or taking of any action in reliance
    > upon, this information by persons or entities other than the
    > intended recipient is prohibited. If you received this in error,
    > please contact the sender and delete the material from any
    > computer. The views expressed in this message do not necessarily
    > reflect those of Sterling Insurance Group Ltd or any of its
    > subsidiary companies.
    >
    >
    > ---------------------------------------------------------------------------
    > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > The Presidio integrates PGP data encryption and XML Web Services security to
    > simplify the management and deployment of PGP and reduce overall PGP costs
    > by up to 80%.
    > FREE WHITEPAPER & 30 Day Trial -
    > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    > ----------------------------------------------------------------------------

    --------------------------------------------------------------
    I T Secure, Mumbai, India
