Re: Teleworking

[JGrimshaw () ASAP com]

I didn't realize you were actually looking for a reply until you sent the 
second message.

Since he never mentioned firewalls to begin with, just VPNs, I stuck with 
just the VPNs. 

But yes, it would be a good idea to implement some sort of client 
firewall. I think he needs to solve his VPN issues first, though!  It is a 
bit of a chicken-or-the-egg proposal, which to deploy first--but he seems 
focused on VPNs at the moment.





Ramsy <ramsyl () itsecure com> 
11/11/2003 11:04 PM

To
David Lanagan <DLanagan () sterlinginsurancegroup com>
cc
JGrimshaw () ASAP com, security-basics () securityfocus com
Subject
Re: Teleworking






Hi

What about a firewall ? VPN with out a firewall can be hole!
Sonicwall box has inbuilt vpn and firewall capabilities and good 
performance

Regards
Ramsy

JGrimshaw () ASAP com wrote:

> You could always allow for a Cisco router at the employees home; a DSL 
or
> cable router in the 800 series of routers would work, with the option of 
a
> hardware VPN accelerator.
>
> Some models have a four-port switch installed, and you can configure the
> router to allow only specific MAC addresses to connect via the VPN 
tunnel.
>  So, Bob from Accounting can connect from his work issued laptop, 
without
> any client installed on it (and as such, would never need updating) and 
he
> can connect his printer to the switch, have a wireless home network 
access
> point hooked up and the rest of his family--but only his laptop would
> touch the tunnel (or if you prefer, his printer too).
>
> The tunnel can connect to a PIX or a router at the business.
>
> If VoIP was deployed, you cannot use QoS on the PIX, but you could on 
the
> router.  So, if a scheduled backup job kicked off when the employee was
> connected, VoIP would suffer if you terminated the tunnel on a PIX.  But
> if its a router-to-router connection, you could configure for VoIP 
traffic
> to receive priority.
>
> "David Lanagan" <DLanagan () sterlinginsurancegroup com>
> 11/10/2003 04:39 AM
>
> To
> <security-basics () securityfocus com>
> cc
>
> Subject
> Teleworking
>
> I'm about to embark on a teleworking project and would like to ask you
> guys the following...
>
> I was going to be using Cisco-based 3des VPNs out to clients who will 
use
> the vpn client s/w loaded on their machines, an adsl connection and 
citrix
> for a remote desktop.
>
> I was going to employ a securID or similar box to provide additional
> security.
>
> Could anyone out there recommend any other options?  I want the 
connection
> to be very secure and allow for a concurrent usage of up to 50 clients
> coming in at any one time.
>
> Your help will be much appreciated...
>
> Regards,
>
> Dave.
>
> ________________________________________________________________________
> Dave Lanagan
> Lead  - Infrastructure Development
> Tel: 020 8334 1548
> Fax: 020 8948 0161
> Mail: dlanagan () sterlinginsurancegroup com
>
> The information transmitted is intended only for the person or
> entity to which it is addressed and may contain confidential
> and/or privileged material.  Any review, retransmission,
> dissemination or other use of, or taking of anyaction in reliance
> upon, this information by persons or entities other than the
> intended recipient is prohibited. If you received this in error,
> please contact the sender and delete the material from any
> computer.  The views expressed in this message do not necessarily
> reflect those of Sterling Insurance Group Ltd or any of its
> subsidiary companies.
---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services 
security
> to
> simplify the management and deployment of PGP and reduce overall PGP 
costs
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------
>
---------------------------------------------------------------------------
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services 
security to
> simplify the management and deployment of PGP and reduce overall PGP 
costs
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------


--------------------------------------------------------------
I T Secure, Mumbai, India




---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security 
to 
simplify the management and deployment of PGP and reduce overall PGP costs 

by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------