Security Basics mailing list archives

RE: SSL VPN


From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Fri, 12 Dec 2003 13:27:38 -0700

Hello John,

Have you read the recent Lightreading testing results?

http://www.lightreading.com/document.asp?doc_id=44442

Eight vendors took part in this evaluation:

Array Networks Inc.
Aventail Corp.
NetScaler Inc.
NetScreen Technologies Inc. (Nasdaq: NSCN)
Nortel Networks Corp. (NYSE/Toronto: NT)
PortWise AB
Symantec Corp. (Nasdaq: SYMC)
Whale Communications Ltd.

The NetScaler did the best under DDoS attack.

Shaun

-----Original Message-----
From: John Canty [mailto:John.Canty () Vibro-Meter com]
Sent: Friday, December 12, 2003 5:58 AM
To: security-basics () securityfocus com
Subject: SSL VPN

My question to the populace of this list is fairly straightforward.
First, does anyone have one of these "newfangled" devices, and gone
through its setup? If so, do you see any potential for security
problems? That being the case, what are they? I expect to put this thing
in the DMZ, probably not the way it was originally intended to work, and
I also understand the implications of opening up the AD ports to the
back end of the DMZ. I feel this risk is minimal due to the ability to
remove most other servers from the DMZ, and use this appliance/device
for most of the user transaction processing. Relay servers will remain
in the DMZ, but even the compromise of a relay server has minimal effect
as long as it is noticed. Which leads to another question about the VPN
appliances: under ideal circumstances I would like to dump its system
logs off to a syslog server. Has anyone done this?

Thank you in advance for your help,

//John
