Home page logo

basics logo Security Basics mailing list archives

From: Erik <erik () courttavern net>
Date: Fri, 12 Dec 2003 14:11:15 -0500

V/TCP secure is a layer 4 VPN. Theory is in line with SSL, but proprietary.

I used it for a large financial years ago, and built my own reporting, but
now they have good reporting integrated. They also have an integrated
personal firewall and a policy enforcement component. It's a real nice
package and they cover security from several different perspectives.

You can check it out at http://infoexpress.com/

Or call Stephen at 613-762-0212

-Erik Mintz

From: "John Canty" <John.Canty () Vibro-Meter com>
To: <security-basics () securityfocus com>
Subject: SSL VPN
Date: Fri, Dec 12, 2003, 7:58 AM

I am in the process of revisiting our remote access solution, in doing
so I realize that currently what we have (ipsec vpn) is rather clumsy
and has it's security issues. The flip side of that coin is I also know
what we have, and security problems that are inherent in ipsec vpns are
fairly easy to mitigate.

The reason I am looking at the SSL solution is due to many good things I
hear of it. I can't be lead to believe that this is a perfect system,
and without one in my hands I don't even know what potential risk it may
cause. The neoteris, now netscreen product has so far dominated my
research, it has the fail-over capability and the integration with
(in)active directory, along with the securid functionality as well.

My question to the populace of this list, is fairly straight forward.
First, does anyone have one of these "new fangled" devices, and gone
through its setup? If so, Do you see any potential for security
problems, that being the case, what are they? I expect to put this thing
in the dmz, probably not the way it was originally intended to work, and
I also understand the implications of opening up the AD ports to the
back end of the DMZ. I feel this risk is minimal due to the ability to
remove most other servers from the dmz, and use this appliance/device
for most of the user transaction processing. Relay servers will remain
in the dmz, but even the comprimise of a relay server has minimal effect
as long as it is noticed. Which leads to another question about the vpn
appliances, under ideal circumstances I would like to dump its system
logs off to a syslog server, has anyone done this?

Thank you in advance for your help,




  By Date           By Thread  

Current thread:
  • SSL VPN John Canty (Dec 12)
    • RE: SSL VPN Optrics Engineering - Shaun Sturby, MCSE (Dec 15)
    • <Possible follow-ups>
    • Re: SSL VPN Erik (Dec 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]