Re: Aside from Firewall ..

[Joseph S D Yao <jsdy () cospo osis gov>]

> A customer has an Extranet for its business partners, suppliers and
> customers.  He has already had Checkpoint Firewall-1 in place.  We are
> debating whether Digital Certificate or VPN to be used.

False dichotomy.  A digital certificate is a means of authentication.
A VPN is a means of communication.  The former can be used to help set
up the latter.  Actually, now that I think about it, the reverse is
also true.  ;-}

You may be asking whether the people using a specific resource should
be required to authenticate at that resource using their certificate,
or whether the existence of a VPN suffices to authenticate them.  Or
you may be talking about authenticating to a public resource via a
certificate vs. creating a VPN tunnel from a desktop system.  It's hard
to tell.  And in any case, any answer would require consideration of
what needs to be protected, what the risks are if the technique is not
used, and what the costs are if it is used.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.