The Tls Alternative For Vpn - D-Link NetDefendOS User Manual

Network security firewall

Hide thumbs Also See for NetDefendOS:

Table of Contents

How will keys be distributed? Email is not a good solution. Phone conversations might be

secure enough.

How many different keys should be used? One key per user? One per group of users? One per

LAN-to-LAN connection? One key for all users and one key for all LAN-to-LAN connections? It

is probably better using more keys than is necessary today since it will be easier to adjust

access per user (group) in the future.

Should the keys be changed? If they are changed, how often? In cases where keys are shared

by multiple users, consider using overlapping schemes, so that the old keys work for a short

period of time when new keys have been issued.

What happens when an employee in possession of a key leaves the company? If several users

are using the same key, it should be changed.

In cases where the key is not directly programmed into a network unit, such as a VPN firewall,

how should the key be stored? On a floppy? As a pass phrase to memorize? On a smart card?

If it is a physical token, how should it be handled?

9.1.5. The TLS Alternative for VPN

If secure access by clients to web servers using HTTP is the scenario under consideration, then

using a NetDefend Firewall for TLS termination can offer an alternative "lightweight" VPN

approach that is quickly and easily implemented. This topic is described further in Section 6.2.11,

"The TLS ALG".

Chapter 9: VPN

Show Quick Links

Table of Contents