[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] NAT Question
- Subject: Re: [cobalt-security] NAT Question
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Mon, 24 Sep 2001 17:16:27 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Really dumb question, and I probably don't know the answer because I
> haven't dug into this enough - FreeS/WAN will be able to handle all of
> my Windows 98 users with no problems, right?
The IPSec protocol is not operating system dependent. You should expect to
spend some time fiddling with and updating windows clients to use IPSec
properly. I've never used FreeS/WAN and windows clients, but I've setup
windows clients to VPN with a win2k server.
> I'm in the same position, I think I can squeeze VPN past the president,
> but that creates problems just by the way Notes is built (needing the
> client on each machine). For example if a sales rep is out without his
> laptop VPN really won't help much. Anyway, that's not what I want to
> ask.
I'm not sure I understand. If a rep is out of the office, they can dial up
to the internet, and use VPN to get full access to the Notes server.
> Can you point me to some information (docs, etc) on WHY Notes is not
> secure or why you wouldn't want to put it outside the firewall. I need
> something to take to the President and say "This is WHY I'm not going to
> put Notes in that position, but VPN is the solution that we will go
> with."
Again, I'm not experienced with notes in particular, but I can tell you why
in general if you don't need to open a hole in your firewall, you shouldn't.
Every server application that is available to the internet is a potential
security risk. New flaws in server applications are discovered every day. In
order to make any system secure, you have to constantly monitor the latest
security alerts. This process is obviously time consuming and it takes a
certain level of expertise. A VPN architecture protects servers by keeping
them behind firewalls. There are no open ports on the firewall that hackers
can compromise. The possibilty for intrusion is therefore severely limited.
If you want something specific to notes, I would visit www.securityfocus.com
and search for Lotus Notes vulnerabilities.
Kevin