Re: Should I use SSL or VPN
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 3 Aug 2005 06:21:06 -0500
Hi Tiago,
Why not use a remote access client VPN connection to the ISA firewall, and then
allow access for that user or group *only* to the required protocol and
required server? A remote access VPN on the ISA firewall is pretty easy to
setup and more secure than SSH, since you have the strong access controls
enforced at the ISA firewall.
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, August 03, 2005 6:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Should I use SSL or VPN
http://www.ISAserver.org
Wellm, maybe you could run it over SSH2 instead of telnet and secure it
with a server certificate and redistributing client certificates to those who
need to access the telnet application. I think it wouldn't be worth setting up
a VPN client just to access telnet.
Your telnet server is a what? Linux? AIX? HP-UX? SCO?
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu
conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta
mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de
seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
>>> nathan@xxxxxxxxxx 3/8/2005 00:48 >>>
http://www.ISAserver.org
Hi,
Currently we have a few site to site VPNs and these work great. But we
also have a few very small clients that make it not worth setting up a site to
site VPN.
They need to connect to our telnet application.
Would it be best/safer/easier to publish the telnet application over
SSL or should we allow them VPN access to our network and then access to the
telnet application?
We currently publish our telnet application on a webfacing program so
it is accessible over port 443 but this isn't/can't be used for full blown
access as you can't do as much in a web browser as you can in the telnet
application.
So is publishing the individual port 23 any different to publishing
port 443?
So I really just want opinions on would you use VPN or publish the port
and secure it with SSL.
Thanks
Regards,
Nathan Simpson
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Visit TechGenix.com for
more information about our other sites: http://www.techgenix.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To
unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report
abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
