[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vpn
Subject:    RE: Dialup vs. VPN
From:       "David Bovee" <dbovee () nw ! verio ! net>
Date:       1998-09-30 23:52:04
[Download RAW message or body]

> >From: "Gary Scheel" <gscheel@mail.pps.k12.or.us>
> >
> >	I am trying to look at the pros and cons of running a bank
> of dialup modems
> >with the Cisco radius authentication vs. VPN setups in
> conjunction with our
> >firewall.  My thought is that it may be best to run a
> combination of both.
> >What are the security implications?  Should they be viewed as mutually
> >exclusive?  What is happening in the real world?
> >
> >	Any comments, views, or pointers would be greatly appreciated.
> >
> >Thanks,
> >Gary
> >

Gary,

	You should consider, at a minimum, the following:

* Requirements for the remote access. If the requirement is mission critical
(off-site salespersons running applications in real time at customer sites
that cannot afford any performance problems or embarrassment), then the
dial-up would be favored. [Note that this is clearly exaggerated toward the
extreme to make the point.]

* You didn't mention your firewall type. You should probably investigate
other installations using the same firewall (assuming I understood the two
options above, one being -integrated- with the firewall).

* Costs. Sometimes, it is less expensive to purchase and implement a new
system than to capitalize on existing infrastructure (due to sheer cost/seat
of client licensing) for example. This must be reconciled with your budget.

* Security. Dialing straight up to a terminal server is more secure,
generally speaking, than using a network path. However, encrypting a session
on the Internet from end-to-gateway also affords some security that is
generally unavailable in common dial-up environments, such as encryption to
the client.

* Management. Most VPN solutions offer things like RADIUS authentication,
which should nullify any contrasts between authenticating direct dial-up and
VPN. This obviously simplifies management of the system.

	If you care to post or reply with more specific questions, I would be happy
to reply with some additional comments.  Good luck in your search.

David Bovee                   Verio Security Services
Security Engineer             15400 SE 30th Pl, Suite 202
mailto:dbovee@nw.verio.net    Bellevue, WA 98007
(425) 649-7466

****************************************************************
TO POST A MESSAGE on this list, send it to vpn@listserv.iegroup.com

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn@listserv.iegroup.com

****************************************************************

[prev in list] [next in list] [prev in thread] [next in thread]