Re: Dialup vs. VPN

[Aaron Goldblatt <aglists () goldblatt net>]

>       I am trying to look at the pros and cons of running a bank of dialup modems
> with the Cisco radius authentication vs. VPN setups in conjunction with our
> firewall.  My thought is that it may be best to run a combination of both.
> What are the security implications?  Should they be viewed as mutually
> exclusive?  What is happening in the real world?

I usually recommend a VPN with some kind of one-time authentication scheme
(or other decent authentication mechanism) rather than maintaining your own
dial-up lines.  A VPN is relatively simple to implement, and any decent
firewall package will support it.  A bank of modems is always a pain, if
for no other reason than the ever-present "I can't connect!" support call.
A bank of modems and a bank of lines is not something I absolutely need to
do myself to support or protect my core business, so why not let someone
else handle it?

You're going to have to have the authentication scheme in place anyway, to
protect who connects via the modem, so authentication really isn't that big
a deal.  So, why make more work?

I'm a big believer in the idea that I should create an environment where my
phone needs never ring.  Installing a bank of modems is an invitation for
support calls.  Why not let commercial ISP's field those calls?