Re: Another RWW versus VPN question
- From: "David Elders" <david_elders@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Mar 2006 08:09:06 +0100
And, on the same subject, a posting on Susan's blog relating to a
conversation with Jeff Middleton:
http://msmvps.com/blogs/bradley/archive/0001/01/01/12245.aspx
HTH,
David
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
wrote in message news:e8bCFhhUGHA.224@xxxxxxxxxxxxxxxxxxxxxxx
Sarbanes Oxley and all other regulations are silent as to technology. I
am on a BOSS (Center for Internet Security) committee where they are
trying to state that two factor auth is a prudent minimum.
A Pix does not ...by itself make you more secure.
VPN "can" make you more insecure.
One could argue that after the CISCO/Michael Lynn Blackhat/Vegas issue
that Cisco isn't that secure.
What does RWW give me.... especially with Dana Epps' firewall tool (google
on Scorpion Software)
I have full authentication through my firewall.
I track who comes in, who goes out.
I have egress filtering
I have paranoia
I have an acceptable use policy.
With VPN access, the data could be pulled over the wire to my home users,
they "could" introduce more risk to my network if they are not patched,
updated and protected. Yes there is NAP technology but it's too new at
this time.
What makes me secure is "my" awareness, my employees' awareness...NOT
technology.. not VPN, not pix, not anything...technology doesn't make me
secure... a trained end user is my best tool.
FAQs - Is Remote Web Workplace with RDP more secure...:
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=11&Source=http%3A%2F%2Fwww%2Esbsfaq%2Ecom%2Fdefault%2Easpx
John wrote:
Setup
SBS2003 SP1 Standard
Dual NIC
SonicWall TZ150 with IPS, Antispyware and Antivirus services running
Ports 25,443,444,1723 and 4125 open
I have a client that recently had a programmer from a large security based
company come by and demo the Access database he is working on for them.
During the meeting (which I was not at) he tells the employee that hired
him and the owner of the company that the current system is not very
secure and that he would never trust Microsoft to be responsible for the
security of remote access. His solution is a PIX firewall and VPN access.
My client has asked me to put in writing the differences between his
solution and our current solution.
I have been researching on the web and newsgroups but haven't found
anything that gives me any concrete info on RWW versus VPN besides RWW not
allowing full access to the network like VPN, i.e. viruses infecting the
network from the remote client.
Is a VPN tunnel more secure than SSL? 128 bit versus 256?
Is having the SBS box perform the authentication for access inherently
less secure than having a hardware device authenticate?
Does anyone know if my setup is compliant?
They deal in financial information and the Sarbanes Oxley Act keeps getting
brought up.
Sorry for all the questions but this is technically beyond my experience.
Thanks
John