VPN security? I am new on these forums. Our IT group recently started allowing us to connect to the enterprise network via VPN. However, I am a little concerned about the security associated with it. Do you guys have any thoughts on it?
|
PrntRhd (Premium, join:2004-11-03, Fairfield, CA)
Well, it is their call to allow it. VPN is an encryption protocol that lets you send data securely over the public internet. I work for a large international corporation and I can connect to the corporate networks via VPN from almost anywhere, with the exception of customer sites that block the ports used for the VPN traffic. It does exact a speed penalty, however.
|
reply to alopamelvin
Thanks PrntRhd. I was specifically asking about enhancing security. I was reading about 2-factor authentication. Have you or does your company use that for your VPN connectivity?
|
PrntRhd (Premium, join:2004-11-03, Fairfield, CA)
reply to alopamelvin
They are using "Fiberlink Extend 360" with "Cisco Systems VPN Client"; users can have the same login as the PC on the corporate network or a separate login for the VPN. The PC also has been set up with policies that prevent risky behavior by the end user.
|
I was researching online and found this »www.phonefactor.com/solutions/re···ess-vpns website. It looks like phonefactor is easy to set up and has 2-factor authentication setup. It looks like they offer enhanced VPN security. Any thoughts, PrntRhd?
|
Jahntassa ("What, I can have feathers", Premium, join:2006-04-14, Conway, SC, kudos:4)
Keep in mind that the 2-factor authentication you're talking about, and the security of the VPN are two different things.
VPNs are secured by PSKs (if Aggressive IPSec) and the settings of the encryption phases. The LOGINS are governed by a multitude of ways, one of which is the two-factor authentication.
People can't just point at the VPN server and log in. The clients need to be set with the proper protocols and settings before you even get to the user login.
However, if you are concerned about someone walking up to one of your systems (which would be locked, I would hope) and logging into the VPN, then the two-factor is a good idea.
Another thing to look into is token-based security like RSA and Safeword offers.
|
quote: VPNs are secured by PSKs (if Aggressive IPSec)
Just to clarify, PSKs can be used regardless of whether you are using aggressive mode or not. PSKs in IPSec do not require you to use IPSec aggressive mode.
Also, the PSK does not secure the VPN. It only serves to authenticate the peers to each other. The keys which actually secure the VPN are negotiated between the peers after the authentication phase is complete (unless you are using manual keying, which is not often used or even supported).
|
Name Game (Premium, join:2002-07-07, North Myrtle Beach, SC, kudos:6)
reply to alopamelvin
Maybe you also want to look into a little "port knocking" with that VPN?
|
reply to alopamelvin
Jahntassa: I looked into token-based security. However, that is going to cost me a lot of money. I downloaded the phone-factor program from »www.phonefactor.com/downloads. First off, it's free for a computer. Also, I don't have to buy any additional hardware or certificates. It calls me up to verify whether it's me logging in via VPN to my office network. So free 2-factor authentication for added VPN security :D I am going to give it a spin for a few months to see how it works out and will keep you guys posted. Thanks for all your comments. I appreciate it.
|
reply to Jahntassa
"token-based security like RSA and Safeword offers."
Aren't phone-based solutions so much better than this: ease of deployment, cost and user knowledge of the device, their phone?
The IT departments win and so do the users.