VPN for Part2?

 
Ranch Hand
Posts: 132
Hello

I'm a bit unsure about the security aspects of my assignment. I have to build a new solution with different servers and have to ensure that employees of, let's say, 30 different networks all around the world are able to access the new system. Important to note is that the users are limited to those networks, and that no other people should be able to access the new system. I generally see two approaches for doing it. The first one would be to make the solution available on a network level for any device on the web and to restrict access with user+pwd and a second factor (like an SMS code). All network traffic in this approach would be encrypted over HTTPS. The second approach would be to create a VPN tunnel to my new network system for each of the 30 networks. Specifically, user+pwd with the VPN tunnel would here also be a strong second factor.

Has someone also used a VPN solution in his assignment and passed? What about the running costs for VPN? For solution 1, a thing like the SMS server would definitely produce some costs...

Regards,
Christian
 
Bartender
Posts: 3648
Hello, it depends on how detailed your security requirements are. If they just say 128-bit encryption or the like, typical HTTPS will do the work.

Will your users be accessing a web app or desktop UI? Usually for a web app, your SUD can utilize form authentication. Two-factor authentication (like SMS/OTP code) is optional.

For a desktop UI, a physical computer is needed for those users within the network. Under this scenario, VPN is probably the way to go. Is a VPN server or the like needed? I'll let you do some research or ask your company support staff what is needed to support VPN.

 
Christian Nicoll
Ranch Hand
Posts: 132
Thank you for answering.

K. Tsang wrote: Will your users be accessing a web app or desktop UI?

Users will access the system over a web app. However, from my point of understanding this doesn't really make a difference, because I don't want a VPN client installed on each local machine. Instead, VPN means for me in this context a site-to-site VPN (or gateway-to-gateway VPN).



K. Tsang wrote: Is a VPN server or the like needed? I'll let you do some research or ask your company support staff what is needed to support VPN.

What I found out so far is that there is no dedicated VPN server; instead, in each connected network a gateway (router) exists that is able to create and maintain this VPN tunnel. Additional effort and complexity can occur if there is an overlap between the new virtual network and the existing networks, and so extensive NATing might be required.
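
The address-overlap problem mentioned in the post above can be checked before any tunnel is configured. The following is an added example, not part of the original thread: it finds overlapping prefixes between the new network and the remote sites and proposes a translated prefix for every site involved in a conflict. All site names, prefixes and the NAT pool are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: the new system's network and a few remote sites.
HUB = ipaddress.ip_network("10.0.0.0/16")
SITES = {
    "berlin": ipaddress.ip_network("192.168.1.0/24"),
    "tokyo": ipaddress.ip_network("10.0.8.0/22"),    # overlaps the hub
    "lima": ipaddress.ip_network("192.168.1.0/25"),  # overlaps berlin
    "oslo": ipaddress.ip_network("172.16.40.0/24"),
}
# Assumed spare range from which translated (NAT) prefixes are carved.
NAT_POOL = ipaddress.ip_network("100.64.0.0/16")


def find_conflicts(hub, sites):
    """Return sorted (name_a, name_b) pairs whose prefixes overlap; 'hub' is the new network."""
    nets = {"hub": hub, **sites}
    return sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(nets, 2)
        if nets[a].overlaps(nets[b])
    )


def plan_nat(hub, sites, pool):
    """Give every site involved in a conflict a same-size prefix from the pool that clashes with nothing."""
    conflicting = sorted({n for pair in find_conflicts(hub, sites) for n in pair} - {"hub"})
    used = [hub, *sites.values()]
    plan = {}
    for name in conflicting:
        size = sites[name].prefixlen
        for candidate in pool.subnets(new_prefix=size):
            if not any(candidate.overlaps(u) for u in used):
                plan[name] = candidate
                used.append(candidate)
                break
        else:
            raise ValueError(f"NAT pool exhausted for {name}")
    return plan


if __name__ == "__main__":
    print("conflicts:", find_conflicts(HUB, SITES))
    for site, prefix in plan_nat(HUB, SITES, NAT_POOL).items():
        print(f"{site}: translate {SITES[site]} -> {prefix}")
```

Translating both sides of a site-to-site clash is the conservative choice here; a real design may translate only one of them.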

 
K. Tsang
Bartender
Posts: 3648
Oh that kind of VPN. ... I think you are over-complicating the assignment. Make assumptions.

What you are saying is, say, your server is across the globe and you need access to it and vice versa. I'm sure many companies are already set up that way.
 
Christian Nicoll
Ranch Hand
Posts: 132
Thanks for the feedback.