From: Shlomi Kramer (sk180174@gmail.com)
Date: Fri Sep 21 2007 - 05:43:54 ART
Check out the JUNIPER SSL VPN solution.
It seems to give all that you're looking for.
Need any info, just ask.
www.juniper.net
On 9/20/07, pankaj ahuja <networksecurityconsultant@gmail.com> wrote:
>
> Thank you!
>
> I agree with you that one should not give broad access to devices not
> under our control. For some reason the bosses wanted to provide the
> capability to use almost any system and yet protect security.
>
> CSD was one option that looked like it could help us in opening a little more
> access while at the same time protecting the resources.
>
> As you suggested I'd start evaluating the kind of services we'd want to
> provide remote access for and then divide them into less and more secure
> and configure the methods for accessing the same.
>
> Appreciate your help on this.
>
> Thanks again !
>
> Pankaj
>
>
> On 9/20/07, Christian Zeng <christian@zengl.net> wrote:
> >
> > Hi,
> >
> > * pankaj ahuja wrote:
> > > We're looking at providing our users a solution which should preferably
> > > be clientless and should allow users to be able to VPN in from the worst
> > > possible places like a Cyber cafe and still prevent the network from
> > > getting infected with Viruses and worms etc.
> >
> > I never would allow a device that is not under your control relatively
> > broad access to a company network - especially not from internet cafe
> > pcs. For example, our corporate IT has provided two ways of remote
> > access over SSL VPN: the first is web only to corporate internet and
> > OWA, the second one is real SSL VPN. You only get SSL VPN if your end
> > station follows company rules == is identified as a company end station
> > by looking at various implementation details. We use Juniper for that,
> > you can try to do that in a Cisco environment, too (NAC).
> >
> > > CSD - don't know much about that yet.
> >
> > I had a quick look at it during one of the CCSP exams, I really can't say
> > much about it. On the other hand - why not use a terminal server-like
> > solution then - Citrix offers web-based access to a terminal server, for
> > example. Also, the concentrator can function as a Citrix Secure Gateway
> > through webvpn.
> >
> > I know that this can cost a lot of money, perhaps it's better to look
> > first if you can divide the services offered into less secure (= less
> > access rights, applicable to be used from foreign systems) and more
> > secure (= only accessible from systems that you control and that comply
> > with company security rules).
> >
> >
> >
> > Christian
>
>
-- "Keep it going SMILE"
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:15 ART