Educause Security Discussion mailing list archives
Re: How to Protect Campus Sensitive Servers
From: schilling <schilling2006 () GMAIL COM>
Date: Thu, 4 Feb 2010 12:32:40 -0500
Thanks all for replying. Are you talking about juniper SA group/role mapping? Shiling On Thu, Feb 4, 2010 at 9:46 AM, Julian Y. Koh <kohster () northwestern edu> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We use an SSL VPN product for things like system administration of servers, sensitive data, and vendor/consultant access. The point of course is not that it's SSL VPN per se, but we just classify users by group and assign specific pools of IPs to each group. If multiple groups need access to the same server, then we just allow both pools of IPs. After all, assuming there's proper logging of VPN access and server activity, we can trace back any bad activity to a specific user rather easily. The users then don't have to remember which group to log in as a member of, since that's all handled automatically when they log into the SSL VPN. The system is smart enough to know that when a user is a member of multiple groups, he/she gets a merged set of resources that he/she can access. This does raise some complications in terms of which actual IP address is used from the client perspective, but this is only an issue in a few cases and can usually be dealt with by opening up the conflicting resources to an extra IP pool. -----BEGIN PGP SIGNATURE----- Version: 9.9.1.287 wj8DBQFLat2qDlQHnMkeAWMRApnXAKC6sjKn8O6xYHVcdyFFO1JSb5uEKwCg4ey/ saLiJ3dCBCO5GimbpdXpe24= =lPcG -----END PGP SIGNATURE----- -- Julian Y. Koh <mailto:kohster () northwestern edu> Manager, Network Transport <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Current thread:
- How to Protect Campus Sensitive Servers schilling (Feb 04)
- <Possible follow-ups>
- Re: How to Protect Campus Sensitive Servers Pete Hickey (Feb 04)
- Re: How to Protect Campus Sensitive Servers Sam Stelfox (Feb 04)
- Re: How to Protect Campus Sensitive Servers Sarazen, Daniel (Feb 04)
- Re: How to Protect Campus Sensitive Servers Julian Y. Koh (Feb 04)
- Re: How to Protect Campus Sensitive Servers Valdis Kletnieks (Feb 04)
- Re: How to Protect Campus Sensitive Servers Di Fabio, Andrea (Feb 04)
- Re: How to Protect Campus Sensitive Servers schilling (Feb 04)
- Re: How to Protect Campus Sensitive Servers schilling (Feb 04)
- Re: How to Protect Campus Sensitive Servers Julian Y. Koh (Feb 04)
- Re: How to Protect Campus Sensitive Servers Richard Hopkins (Feb 05)
- Re: How to Protect Campus Sensitive Servers Christian Hroux (Feb 08)