I'm a bit unsure about the security aspects of my assignment. I have to build a new solution with different servers and have to ensure that employees of, let's say, 30 different networks all around the world are able to access the new system. Important to note is that the users are limited to those networks, and that no other people should be able to access the new system. I generally see two approaches for doing it. The first one would be to make the solution available at the network level to any device on the web and to restrict access via user+pwd and a second factor (like an SMS code). All network traffic in this approach would be encrypted over HTTPS. The second approach would be to create a VPN tunnel from each of the 30 networks to my new network system. Specifically, user+pwd together with the VPN tunnel would here also be a strong second factor.
Has someone also used a VPN solution in his assignment and passed? What about the running costs for VPN? For solution 1, something like the SMS server would definitely produce some costs...
Hello, it depends on how detailed your security requirements are. If they just say 128-bit encryption or the like, the typical HTTPS will do the job.
Are your users accessing a web app or a desktop UI? Usually for a web app, your SUD can utilize form authentication. 2-factor authentication (like an SMS/OTP code) is optional.
For a desktop UI, a physical computer is needed for those users within the network. Under this scenario, VPN is probably the way to go. Is a VPN server or the like needed? I'll let you do some research or ask your company support staff what is needed to support VPN.
K. Tsang wrote: Are your users accessing a web app or a desktop UI?
Users will access the system over a web app. However, from my point of understanding this doesn't really make a difference, because I don't want a VPN client installed on each local machine. Instead, VPN means for me in this context a site-to-site VPN (or gateway-to-gateway VPN).
K. Tsang wrote: Is a VPN server or the like needed? I'll let you do some research or ask your company support staff what is needed to support VPN.
What I found out so far is that there is no dedicated VPN server; instead, in each connected network there is a gateway (router) that is able to create and maintain this VPN tunnel. Additional effort and complexity can occur if there is an overlap between the new virtual network and the existing networks, and so extensive NATting might be required.
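The address-overlap problem mentioned in the last post is worth checking before any of the 30 site-to-site tunnels is planned. The following is an added example (not code from this thread) that takes a hub network and the site networks and reports which pairs overlap and therefore cannot be routed plainly; the CIDRs and site names are constructed sample data.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data: the hub (new system) network and a few of the
# connected site networks. Real values would come from the site inventory.
HUB_NETWORK = "10.50.0.0/16"
SITE_NETWORKS = {
    "site-berlin": "10.50.3.0/24",      # overlaps the hub: needs NAT
    "site-tokyo": "192.168.10.0/24",
    "site-boston": "10.60.0.0/16",
    "site-lima": "192.168.10.128/25",   # overlaps site-tokyo
}


def find_overlaps(hub, sites):
    """Return a sorted list of (name_a, name_b) pairs whose address ranges
    overlap. Each such pair cannot exchange traffic over the tunnels without
    NAT (or re-addressing), since the same addresses exist on both sides."""
    nets = {"hub": ip_network(hub, strict=True)}
    nets.update({name: ip_network(cidr, strict=True) for name, cidr in sites.items()})
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    )


def nat_plan(hub, sites):
    """Map each site to 'route' (can be routed directly to the hub and every
    other site) or 'nat' (involved in at least one overlap)."""
    conflicted = {name for pair in find_overlaps(hub, sites) for name in pair}
    return {name: ("nat" if name in conflicted else "route") for name in sites}


if __name__ == "__main__":
    for pair in find_overlaps(HUB_NETWORK, SITE_NETWORKS):
        print("overlap:", *pair)
    print(nat_plan(HUB_NETWORK, SITE_NETWORKS))
```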