Educause Security Discussion mailing list archives
Re: Campus VPN Services
From: Mark Poepping <poepping () CMU EDU>
Date: Thu, 21 Aug 2003 00:40:24 -0400
in this example: . are your "filter-circumvention" requirements many-many or many-few? i.e. do people have Exchange servers and file shares all over the place or are they mostly trying to get to [relatively few] enterprise Exchange servers or File servers? . I guess I'm wondering about the possibility and potential benefits of providing a general-purpose circumvention (e.g. vpn) for [all] users versus a special-purpose exception for certain servers/services when you need it (i.e. block 135, except to known clean servers that need 135 and should be available)... I wonder about giving the whole constituency a trapdoor around whatever port filters. If there are 10000 systems in homes (that are largely unprotected from the internet) that have unfiltered access to the rest of my campus, what does that do to the effectiveness of my filters? I know they still help, but I wonder how much, and that weighed against/with the costs of the vpn.. mark.
-----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Iglesias Sent: Thursday, August 21, 2003 12:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Campus VPN ServicesSorry if I missed it somewhere along the way, but is anybody willing to share a link to their high-level requirements and cost-benefit analysisforinvesting in an enterprise vpn (projected benefits weighed against round numbers for costs in HW, SW, scaling issues, and support)?We setup our VPN mostly because we were going to close off the NetBIOS ports and needed a way for people to be able to use them from off-campus (like for Exchange, mounting shares from home, etc). We didn't do much in the way of requirements or cost-benefit analysis because we knew we needed to do it. We tried one other brand of VPN concentrator but it could not authenticate users to our Kerberos server, and would not be able to in time for us to fully test it, so we went with Cisco (which we setup to use a modified RADIUS server to authenticate to Kerberos). Mike Iglesias Email: iglesias () draco acs uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Campus VPN Services Angel L Cruz (Aug 20)
- <Possible follow-ups>
- Re: Campus VPN Services Gary Dobbins (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Mike Iglesias (Aug 20)
- Re: Campus VPN Services Mark Poepping (Aug 20)
- Re: Campus VPN Services Michael Sinatra (Aug 21)
- Re: Campus VPN Services Mike Iglesias (Aug 21)
- Re: Campus VPN Services Matthew Keller (Aug 21)
- Re: Campus VPN Services H. Morrow Long (Aug 21)
- Re: Campus VPN Services Mark Poepping (Aug 22)
- Re: Campus VPN Services Mike Iglesias (Aug 22)
- Re: Campus VPN Services H. Morrow Long (Aug 22)
- Re: Campus VPN Services H. Morrow Long (Aug 22)