Double authentication (User & Machine) with VPN SSL

From: Peyman (peyman.secu_at_gmail.com)
Date: 10/13/05

    Date: Thu, 13 Oct 2005 19:35:50 +0200
    To: security-basics@securityfocus.com
    
    

    Dear all,

      I was wondering if, with a VPN SSL solution, it is possible to
    authenticate both the user and the machine with their certificates.
      I know that this could be possible with IPSec Over L2TP (machine
    authentication with L2TP, and user authentication with IPSec), and not
    possible with pure IPSec (just a basic login/password with X-Auth
    available in IKE for a user authentication).
      Just to clarify my needs:
        - I'd like to authenticate my users with a certificate because
    this is useful for a remote VPN connection, and also for other needs
    (emails, access to some resources, applications, etc.)
        - I'd like to authenticate the corporate laptops with a unique
    certificate stored securely on each one: this is useful to only allow
    full network access to the corporate network to trusted machines, and
    also to revoke certificates of laptops that might be stolen/lost.

    Thanks a lot for any help,
    Peyman

