Functions of VPN?

Ryan Russell Ryan.Russell at sybase.com
Sun Sep 12 04:11:57 EDT 1999




>A company wants to set up an e-something for its 10,000 suppliers.  When the
>company needs something, it will broadcast a "request for quotations" to all
>qualified suppliers through e-mail.  Interested parties then access the
>company's web site, in a DMZ, and complete a form(s) on an oracle server,
>which is behind a firewall, on-line.  The security officer wants only
>qualified suppliers can access the web site, only they can log onto the web
>site in the DMZ, and complete the form on the oracle server behind the
>firewall.  No one else can use any one of the services as a spring board to
>any other servers behind the firewall.  In short, their access is extremely
>limited.
>
>An option is to deploy digital certificates, say VeriSign On-site.  The
>company also wants to explore VPN solution.  I have just attended a 2-day
>VPN conference.  I got an impression that VPN is effective for mobile
>employees (users) and branch offices.  One of the speakers felt that VPN is
>not ready for Extranet yet.

If you think that you're going to be able to specify that 10,000 people who
don't work for you have to install a piece of software as intrusive as a VPN
client, then clearly you're insane. :)

Your requirements scream 128-bit SSL.  Buy international people Fortify if
you have to.  If you're worried about strong authentication, then look
at managing client certificates for them, or better yet, distribute
OTP hardware.  That will be the easiest by far.  Of course, your life
will still suck, I'm just trying to make it suck as little as possible.

                    Ryan




****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************