|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Home | Reference & Education | Science Ensuring a secure user authentication in the process, one that is deployable to both the enterprise and end user has been a challenge for many CIO's until recently. When you have a NON-X.509 Authentication via Cisco IPSec VPN, the connection is created through the VPN tunnel through the Cisco IPSec client and a Cisco IPSec supporting appliance (VPN 3000 Concentrator, PIX Firewall, Cisco Routers, etc). In this scenario, the authentication is currently username/password or tokens. In using an IPSec User VPN Deployment, the Cisco IPSec client utilizes authentication other than secure X.509 bilateral authentication. In addition to the authentication being insecure – the organization is also at risk with a “Shared Authentication” key being utilized for encryption. This means that even if the organization is utilizing tokens (hard or soft) for authentication – the encryption is still a mere password – and thus vulnerable to attack. Often times by adding a Cisco ASA and secure authentication appliance into the enterprise, the CIO can enroll users with X.509 Certificates and new user IPSec profiles. By enabling X.509 Authentication on the Cisco IPSec appliance with the new certificates and user profiles, an enterprise can more effectively create secure remote access. One of the advantages here is that the enterprise, at this time, does not need to purchase a large SSL VPN license – a simple 2 to 25 user license will suffice. The enterprise simply utilizes the ASA for the deployment of X.509 credentials and new IPSec user profiles. Utilizing a secure 2-factor authentication allows a quick a plug into the enterprise in a matter of hours. Certificate creation, SMS Text Messages and Telephony OTPs can be handled via secure and world-unique set of WSE 3.0 Web Services. Enterprises have been searching for a methodology to migrate from traditional IPSec VPNs to the nimbler and more-user friendly SSL VPN solutions. There a number of resources available that help with migrations. Signing up for a webinar series on IPSec and SSL VPNs would be a quick way to get up to speed and learn about the potential challenges and get ideas for addressing them. Additionally you might find information on the technical requirements for deploying a secure, productive, scalable, and reliable remote access VPN environment. As an avid technology lover, Sam Brown follows tech movements within network security solutions, including two factor authentication, tokenless and strong SSL VPN authentication solutions. Article Source: http://www.articlewheel.com
As an avid technology lover, Sam Brown follows tech movements within network security solutions, including two factor authentication, tokenless and strong SSL VPN authentication solutions.
|
 RSS Feeds by Category |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
