Re: Another RWW versus VPN question



And after Blackhat I wouldn't be trusting of Cisco PIX either.

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Sarbanes Oxley and all other regulations are silent as to technology. I am on a BOSS (Center for Internet Security) committee where they are trying to state that two factor auth is a prudent minimum.

A Pix does not ...by itself make you more secure.
VPN "can" make you more insecure.

One could argue that after the CISCO/Michael Lynn Blackhat/Vegas issue that Cisco isn't that secure.

What does RWW give me.... especially with Dana Epps' firewall tool (google on Scorpion Software)

I have full authentication through my firewall.
I track who comes in, who goes out.
I have egress filtering
I have paranoia
I have an acceptable use policy.

With VPN access, the data could be pulled over the wire to my home users, they "could" introduce more risk to my network if they are not patched, updated and protected. Yes, there is NAP technology but it's too new at this time.

What makes me secure is "my" awareness, my employees' awareness...NOT technology.. not VPN, not pix, not anything...technology doesn't make me secure... a trained end user is my best tool.

FAQs - Is Remote Web Workplace with RDP more secure...:
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=11&Source=http%3A%2F%2Fwww%2Esbsfaq%2Ecom%2Fdefault%2Easpx




John wrote:

Setup

SBS2003 SP1 Standard
Dual NIC
SonicWall TZ150 with IPS, Antispyware and Antivirus services running

Ports 25,443,444,1723 and 4125 open


I have a client that recently had a programmer from a large security based company come by and demo the Access database he is working on for them.

During the meeting (which I was not at) he tells the employee that hired him and the owner of the company that the current system is not very secure and that he would never trust Microsoft to be responsible for the security of remote access. His solution is a PIX firewall and VPN access.

My client has asked me to put in writing the differences between his solution and our current solution.

I have been researching on the web and newsgroups but haven't found anything that gives me any concrete info on RWW versus VPN besides RWW not allowing full access to the network like VPN, i.e. viruses infecting the network from the remote client.


Is a VPN tunnel more secure than SSL? 128 bit versus 256?

Is having the SBS box perform the authentication for access inherently less secure than having a hardware device authenticate?

Does anyone know if my setup is compliant?



They deal in financial information and the Sarbanes Oxley Act keeps getting brought up.

Sorry for all the questions but this is technically beyond my experience.


Thanks


John


