Penetration Testing mailing list archives
Re: [PEN-TEST] Your opinions ... more info
From: Jim Miller <MillerJ () FABSSB COM>
Date: Tue, 31 Oct 2000 14:56:59 -0600
The client responded that he did not want to support the additional cost of VPN. I dispute that there is additional cost over cert/SSL. What VPN adds is described on page 6 of the document, in a section titled "Requiring Use of Windows NT Passwords". This allows use of MS Win NT administered password policies. We should all read the document before we continue. http://www.microsoft.com/NTServer/commserv/deployment/planguides/VPNSecurity.asp dsimonis () FIDERUS COM 10/31/00 01:17PM >>> "St. Clair, James" wrote:
I'd say stick the VPN. I agree, afaik Win2k makes VPNs fairly simple. Your client seems neither willing or able to truly take on the significance of handling certificates that precludes the emperor from being without clothes. Jim
Am I the only one who is of the mind that VPN is not congruent to an authentication scheme? From the OP's specifications, his VPN model still used a certificate based auth method:
VPN Solution: Windows 2000 Server and Windows 2000 clients was the solution I was recommending as a stronger solution. Given what I have read, I could not see where this solution would add any support burden over the certificate solution. This solution uses client/server IP tunneling with PPTP/L2TP, MS-CHAP v.2, and certificate authentication.
^^^^^^^^^^^^^^^^^^^^^^^^^^ Either way, he is authenticating via cert. Either way, he plans to use SSL. What advantage does PPTP offer to this solution? What about PPTP makes the administration of this solution easier? Jim Miller, CISA, CDP VP & IS Audit Mgr First American Bank Texas Bryan, Texas 77805-8100 979/361-6515 801/835-5546 millerj () fabssb com
Current thread:
- [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Drew Simonis (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info van der Kooij, Hugo (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info L.W. (Nov 01)
- <Possible follow-ups>
- Re: [PEN-TEST] Your opinions ... more info St. Clair, James (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Drew Simonis (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info krisk (Nov 02)
- Re: [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Matthew Micene (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info David Vandervort (Nov 01)