Firewall Wizards mailing list archives
Re: Dialup vs. VPN
From: Aaron Goldblatt <aglists () goldblatt net>
Date: Wed, 30 Sep 1998 18:07:31 -0500
I am trying to look at the pros and cons of running a bank of dialup modems with the Cisco radius authentication vs. VPN setups in conjunction with our firewall. My thought is that it may be best to run a combination of both. What are the security implications? Should they be viewed as mutually exclusive? What is happening in the real world?
I usually recommend a VPN with some kind of one-time authentication scheme (or other decent authentication mechanism) rather than maintaining your own dial-up lines. A VPN is relatively simple to implement, and any decent firewall package will support it. A bank of modems is always a pain, if for no other reason than the ever-present "I can't connect!" support call. A bank of modems and a bank of lines is not something I absolutely need to do myself to support or protect my core business, so why not let someone else handle it? You're going to have to have the authentication scheme in place anyway, to protect who connects via the modem, so authentication really isn't that big a deal. So, why make more work? I'm a big believer in the idea that I should create an environment where my phone needs never ring. Installing a bank of modems is an invitation for support calls. Why not let commercial ISP's field those calls?
Current thread:
- Re: Dialup vs. VPN James Moore (Oct 01)
- <Possible follow-ups>
- Re: Dialup vs. VPN Aaron Goldblatt (Oct 01)