[VPN] SSL VPN

[shannong]

I've done quite of bit of testing on this.  You can move TS to a new
port (443/80), but then that's not really a proxy. You can use proxies
for RDP and have the traffic tunneled over 443.  I recommend this
approach so that only authenticated users have access to RDP/Citrix
server rather than the Internet at large.  However, I recommend against
using SSL based VPNs for network layer access as they ignore client side
security.  Do you really want users connecting from random PCs on the
Internet that already have Trojans/backdoors installed?  Then that
hacked PC gives some other party full access to your network?  Perhaps
from a coffee bar where they forget to log off and walk away giving an
entire city access to your internal network?  For remote access, stick
with IPSec so that you can enforce strong authentication, firewall
rules, and verify the presence of virus scanners.

 

-S

 

 

 

-----Original Message-----
From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
Behalf Of Bartsch, Vincent
Sent: Monday, April 28, 2003 9:15 PM
To: 'vpn at lists.shmoo.com'
Subject: [VPN] SSL VPN

 

I am researching everything about SSL and it's use as a VPN solution. I
am aware of some of 
it's limitations but I was wondering has anyone tried this: allowed a
SSL connection to a web 
server that lets the user to open a connection to a terminal server. Or
can it be configured to 
connect to a terminal server via a SSL connection directly? Has anyone
tried this, were they 
successful? 

Again, I am just researching this thought. Any word back on this would
be most appreciated, 
thanks. 

Vincent 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20030428/440daf23/attachment.htm