Educause Security Discussion mailing list archives
Re: The VPN question
From: Julian Y Koh <kohster () NORTHWESTERN EDU>
Date: Thu, 30 Jun 2011 12:11:08 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu Jun 30 07:01:57 2011 Central Time, "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU> wrote:
I have a question about the your VPNs. Why so many roles?
Our traditional (aka IPSec, PPTP, L2TP/IPSec) VPN service is our general-purpose remote access VPN for anyone at the University. There's no split tunneling on that service, and all users are placed in a large /21 address pool. 4+ years ago, we rolled out the SSL VPN specifically targeted at sysadmins, external vendors/consultants/collaborators, and users of sensitive applications/data so that we we could provide customized access rules for those different user groups. This allows us to give out specific IPs for different groups, which makes firewall rules much tighter. We can also do endpoint security compliance for groups that request it. - -- Julian Y. Koh <mailto:kohster () northwestern edu> Manager, Network Transport <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAk4MZ9sACgkQDlQHnMkeAWMFIQCgt1DgUb9PnQnx8hWAt0hk6KZg W/AAoKqz8R0+xmR2nlNE/io6TPGDXB1/ =Pee1 -----END PGP SIGNATURE-----
Current thread:
- The VPN question Jay Graham (Jun 29)
- Re: The VPN question Lovaas,Steven (Jun 29)
- Re: The VPN question Chris Green (Jun 30)
- Re: The VPN question Julian Y Koh (Jun 30)
- Re: The VPN question Bradley, Stephen W. Mr. (Jun 30)
- Re: The VPN question Julian Y Koh (Jun 30)
- Re: The VPN question Bradley, Stephen W. Mr. (Jun 30)
- Re: The VPN question Jeff Kell (Jun 30)
- Re: The VPN question Bradley, Stephen W. Mr. (Jun 30)
- Re: The VPN question Lovaas,Steven (Jun 29)