RE: Double authentication (User & Machine) with VPN SSL

From: Weatherford, Chad (CWeatherford_at_scvl.com)
Date: 10/13/05

    Date: Thu, 13 Oct 2005 16:53:45 -0500
    To: "Peyman" <peyman.secu@gmail.com>, <security-basics@securityfocus.com>
    
    

    What are your remote users connecting to on your end? A firewall,
    concentrator?
     

    -----Original Message-----
    From: Peyman [mailto:peyman.secu@gmail.com]
    Sent: Thursday, October 13, 2005 12:36 PM
    To: security-basics@securityfocus.com
    Subject: Double authentication (User & Machine) with VPN SSL

    Dear all,

      I was wondering if with a VPN SSL solution, it is possible to
    authenticate the user and the machine both, with their certificates.
      I know that this could be possible with IPSec Over L2TP (machine
    authentication with L2TP, and user authentication with IPSec), and not
    possible with pure IPSec (just a basic login/password with X-Auth
    available in IKE for a user authentication).
      Just to clarify my needs:
        - I'd like to authenticate my users with a certificate because
    this is useful for a remote vpn connection, and also for other needs
    (emails, access to some resources, applications, etc.)
        - I'd like to authenticate the corporate laptops with a unique
    certificate stored securely on it: this is useful to only allow
    full network access to the corporate network to trusted machines, and
    also to revoke certificates of laptops that might be stolen/lost.

    Thanks a lot for any help,
    Peyman

