RE: Securing Web access from internet

["David Gillett" <gillettdavid () fhda edu>]

  Years back, I worked on a network where we had a requirement 
like this, which we met by deploying a PIX as gateway with an
attached TACACS+ server.  Clients who telnetted to the gateway
and authenticated against TACACS+ got access to the network
beyond the gateway.
  More recently, I've been using some of the authentication
services offered by CheckPoint's FW-1 firewall and BlueSocket's
"wireless" security box.  I suspect that user authentication
as a firewall feature has become fairly widespread, although
I'm not sure how common on boxes costing less than about $10K.

David Gillett


> -----Original Message-----
> From: Bob Freeman [mailto:cm94 () hotmail com]
> Sent: August 6, 2003 08:58
> To: security-basics () securityfocus com
> Subject: Securing Web access from internet
>
>
>
>
> Hi everyone,  We have a web application on our LAN (based on 
> IIS) and we want to make  this web application available from 
> the internet for specific  users/workstation.  1)I want to 
> make sure that these users/workstation are authenticated  
> BEFORE accessing the local network.  2)I want to make sure 
> that the information transiting on the public  network is 
> encrypted  3)I would prefer to not have anything to install 
> on the remote  workstations (if possible)  4)I don't want a 
> VPN solution.  I don't know much about the product I need but 
> I suppose it would be a  kind of web relay/authentication 
> server installed in our DMZ.   Do you have product to 
> propose?  Thanks  Bob Freeman
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------