[Sussex] WAP Security advice...

Mark Harrison Mark at ascentium.co.uk
Sat Nov 29 13:30:52 UTC 2003


John,

Good suggestion - I've been using FreeSWAN for a while now, personally, but
it's just not the right solution for this particular client :-(

For the 90% of staff who simply need portal access, the portal is fine.
After all, a lot of staff access the portal from third-party machines at
suppliers or web-cafes, so software client installation just isn't possible.

For the 10% who need "real" access to the network, they already use a VPN
Client / Personal firewall. In fact, they use the Checkpoint one, which is a
far better fit, given the requirement for large-scale central management.

Regards,

Mark


----- Original Message ----- 
From: "John Crowhurst" <fyremoon at fyremoon.net>
To: <sussex at mailman.lug.org.uk>
Sent: Saturday, November 29, 2003 1:16 PM
Subject: Re: [Sussex] WAP Security advice...


> > You initially said that your clients where "UTTERLY PARANOID about the
> > security" and that they had a clue about "WEP vulnerabilities".  If that
> > is so they have they answered the first question about security?
>
> If they are paranoid about security, perhaps an added layer of protection
> would be to encrypt the TCP/IP layer so that even if the network was
> breached, the data available to the hacker is useless.
>
> You could take a look at FreeS/Wan (IPSEC for Linux) or CIPE to provide
> encrypted tunnelling through their network if they want secure.
>
> http://sites.inka.de/sites/bigred/devel/cipe.html
> http://www.freeswan.org/
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
>
> --
> John
>
>
>
> _______________________________________________
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sussex
>
>





More information about the Sussex mailing list