Penetration Testing mailing list archives
Re: [PEN-TEST] Your opinions ... more info
From: krisk <krisk () medshoppeintl com>
Date: Wed, 1 Nov 2000 07:24:32 -0600
VPN Solution: Windows 2000 Server and Windows 2000 clients was the solution I was recommending as a stronger solution. Given what I have read, I could not see where this solution would add any support burden over the certificate solution. This solution uses client/server IP tunneling with PPTP/L2TP, MS-CHAP v.2, and certificate authentication.
Jim, I'll put in another 2 cents and leave it alone.. Going back to your other main objectives stated, VPN and Certificate or Certificate alone, and choice of OS platform, I would consider some form of VPN or encryption to be MORE important than the certificate. PPTP has NOT been considered secure for some time, and I would highly discourage it's use for any banking functions. We have been investigating Citrix NFuse / Metaframe solution to provide a similar functionality for some time and I have been fairly impressed so far. The Nfuse solution will provide a 128 bit RC5 encrypted session to mulitple client OS's who only need a compatible web browser, No client distribution, installation setup or troubleshooting needed (or minimal), thereby eliminating the support costs for rolling out your "VPN". The more you talk the more it sounds like what you are looking for. http://www.citrix.com The certificates can be added later, or implemented from the start along with it. Enjoy! Kris Kistler MCSE, MCP+I, GSEC, CCNA, CNA, CCA, A+ WAN Communications / Security Administrator St. Louis, MO
Current thread:
- [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Drew Simonis (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info van der Kooij, Hugo (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info L.W. (Nov 01)
- <Possible follow-ups>
- Re: [PEN-TEST] Your opinions ... more info St. Clair, James (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Drew Simonis (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info krisk (Nov 02)
- Re: [PEN-TEST] Your opinions ... more info Jim Miller (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info Matthew Micene (Nov 01)
- Re: [PEN-TEST] Your opinions ... more info David Vandervort (Nov 01)