Security Basics mailing list archives
AW: Securing Web access from internet
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Thu, 7 Aug 2003 08:48:57 +0100
I agree, authenticating on the firewall is the best way to go. checkpoint fw-1 and rsa secureid work great together too for this. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg ______________ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär verstehen, und welche die es nicht tun. -----Ursprüngliche Nachricht----- Von: David Gillett [mailto:gillettdavid () fhda edu] Gesendet: Wednesday, August 06, 2003 10:57 PM An: 'Bob Freeman'; security-basics () securityfocus com Betreff: RE: Securing Web access from internet Years back, I worked on a network where we had a requirement like this, which we met by deploying a PIX as gateway with an attached TACACS+ server. Clients who telnetted to the gateway and authenticated against TACACS+ got access to the network beyond the gateway. More recently, I've been using some of the authentication services offered by CheckPoint's FW-1 firewall and BlueSocket's "wireless" security box. I suspect that user authentication as a firewall feature has become fairly widespread, although I'm not sure how common on boxes costing less than about $10K. David Gillett
-----Original Message----- From: Bob Freeman [mailto:cm94 () hotmail com] Sent: August 6, 2003 08:58 To: security-basics () securityfocus com Subject: Securing Web access from internet Hi everyone, We have a web application on our LAN (based on IIS) and we want to make this web application available from the internet for specific users/workstation. 1)I want to make sure that these users/workstation are authenticated BEFORE accessing the local network. 2)I want to make sure that the information transiting on the public network is encrypted 3)I would prefer to not have anything to install on the remote workstations (if possible) 4)I don't want a VPN solution. I don't know much about the product I need but I suppose it would be a kind of web relay/authentication server installed in our DMZ. Do you have product to propose? Thanks Bob Freeman -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- AW: Securing Web access from internet Meidinger Chris (Aug 07)