Penetration Testing mailing list archives

Re: [PEN-TEST] Your opinions ... more info


From: krisk <krisk () medshoppeintl com>
Date: Wed, 1 Nov 2000 07:24:32 -0600

VPN Solution:
Windows 2000 Server and Windows 2000 clients was the solution I was
recommending as a stronger solution.  Given what I have read, I could not
see where this solution would add any support burden over the certificate
solution.  This solution uses client/server IP tunneling with PPTP/L2TP,
MS-CHAP v.2, and certificate authentication.

Jim, I'll put in another 2 cents and leave it alone.. Going back to your
other main objectives stated, VPN and Certificate or Certificate alone, and
choice of OS platform, I would consider some form of VPN or encryption to be
MORE important than the certificate. PPTP has NOT been considered secure for
some time, and I would highly discourage its use for any banking functions.
We have been investigating Citrix NFuse / Metaframe solution to provide a
similar functionality for some time and I have been fairly impressed so far.
The NFuse solution will provide a 128 bit RC5 encrypted session to multiple
client OS's who only need a compatible web browser, no client distribution,
installation setup or troubleshooting needed (or minimal), thereby
eliminating the support costs for rolling out your "VPN". The more you talk
the more it sounds like what you are looking for. http://www.citrix.com The
certificates can be added later, or implemented from the start along with
it.
Enjoy!

Kris Kistler
MCSE, MCP+I, GSEC, CCNA, CNA, CCA, A+
WAN Communications / Security Administrator
St. Louis, MO

