[prev in list] [next in list] [prev in thread] [next in thread]
List: vpn
Subject: RE: Dialup vs. VPN
From: "David Bovee" <dbovee () nw ! verio ! net>
Date: 1998-09-30 23:52:04
[Download RAW message or body]
> >From: "Gary Scheel" <gscheel@mail.pps.k12.or.us>
> >
> > I am trying to look at the pros and cons of running a bank
> of dialup modems
> >with the Cisco radius authentication vs. VPN setups in
> conjunction with our
> >firewall. My thought is that it may be best to run a
> combination of both.
> >What are the security implications? Should they be viewed as mutually
> >exclusive? What is happening in the real world?
> >
> > Any comments, views, or pointers would be greatly appreciated.
> >
> >Thanks,
> >Gary
> >
Gary,
You should consider, at a minimum, the following:
* Requirements for the remote access. If the requirement is mission critical
(off-site salespersons running applications in real time at customer sites
that cannot afford any performance problems or embarrassment), then the
dial-up would be favored. [Note that this is clearly exaggerated toward the
extreme to make the point.]
* You didn't mention your firewall type. You should probably investigate
other installations using the same firewall (assuming I understood the two
options above, one being -integrated- with the firewall).
* Costs. Sometimes, it is less expensive to purchase and implement a new
system than to capitalize on existing infrastructure (due to sheer cost/seat
of client licensing) for example. This must be reconciled with your budget.
* Security. Dialing straight up to a terminal server is more secure,
generally speaking, than using a network path. However, encrypting a session
on the Internet from end-to-gateway also affords some security that is
generally unavailable in common dial-up environments, such as encryption to
the client.
* Management. Most VPN solutions offer things like RADIUS authentication,
which should nullify any contrasts between authenticating direct dial-up and
VPN. This obviously simplifies management of the system.
If you care to post or reply with more specific questions, I would be happy
to reply with some additional comments. Good luck in your search.
David Bovee Verio Security Services
Security Engineer 15400 SE 30th Pl, Suite 202
mailto:dbovee@nw.verio.net Bellevue, WA 98007
(425) 649-7466
****************************************************************
TO POST A MESSAGE on this list, send it to vpn@listserv.iegroup.com
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn@listserv.iegroup.com
****************************************************************
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic