[Dshield] How secure IS GoToMyPC?

Alan Frayer afrayer at frayernet.com
Sat Jun 19 12:31:42 GMT 2004


On Fri, 2004-06-18 at 11:07, Stephane Grobety wrote:


> A potential solution would be:
> 1/ Only to allow remote access via VPN. Not really because you don't
> trust the encryption, but because some VPN clients includes security
> systems: firewalling, antivirus and all. If a client doesn't show that
> he's protected and up-to-date, he simply won't be allowed in.


To make sure I understand what's being said here, why not a VPN to an
intranet (web-based, read only file on an internal network server)? Is
the problem the pipeline that the VPN creates? Can't standard,
individual machine protections mitigate that problem?


> 2/ Use SSL client certificates and store these certificate on hardware
> tokens. Strangely, I've not seen any cryptographic token that also
> includes a fingerprint reader (though I've seen fingerprint readers
> protecting USB key drives) but it could improve security further.


I suppose it's time for me to study SSL client solutions and hardware
tokens.




________________________________________________________________________
Alan Frayer, CNE, CNI, CIW CI, MCP, Net+ - afrayer at frayernet.com
Member: Independent Consultants Association (ICA)
Consultants - FREE Directory Listing - http://www.ica-assn.org




More information about the list mailing list