Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Your opinions ... more info
From: krisk <krisk () medshoppeintl com>
Date: Wed, 1 Nov 2000 07:24:32 -0600

VPN Solution:
Windows 2000 Server and Windows 2000 clients was the solution I was
recommending as a stronger solution.  Given what I have read, I could not
see where this solution would add any support burden over the certificate
solution.  This solution uses  client/server IP tunneling with PPTP/L2TP,
MS-CHAP v.2, and certificate authentication.

Jim, I'll put in another 2 cents and leave it alone.. Going back to your
other main objectives stated, VPN and Certificate or Certificate alone, and
choice of OS platform, I would consider some form of VPN or encryption to be
MORE important than the certificate. PPTP has NOT been considered secure for
some time, and I would highly discourage it's use for any banking functions.
We have been investigating Citrix NFuse / Metaframe solution to provide a
similar functionality for some time and I have been fairly impressed so far.
The Nfuse solution will provide a 128 bit RC5 encrypted session to mulitple
client OS's who only need a compatible web browser, No client distribution,
installation setup or troubleshooting needed (or minimal), thereby
eliminating the support costs for rolling out your "VPN". The more you talk
the more it sounds like what you are looking for. http://www.citrix.com The
certificates can be added later, or implemented from the start along with
it.
Enjoy!

Kris Kistler
MCSE, MCP+I, GSEC, CCNA, CNA, CCA, A+
WAN Communications / Security Administrator
St. Louis, MO


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault