Posted by S. Pidgorny on June 16, 2005, 6:28 pm
Traditional (IPsec/PPTP) VPNs won't affect the client behaviour in a way
that it will keep cached information. It's sometimes hard to initiate a VPN
connection from an Internet cafe - but if the sensitivity of cached information
is a matter of concern, publicly available/unmanaged clients should not be
used to access the information. One should not make the assumption that HTTPS
session data won't be cached or intercepted otherwise.
Some new VPN servers create a secure sandbox for accessing sensitive
information and cleaning up properly - they use SSL. Key loggers would be of
concern, still.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
> SSL is fine, in fact better than traditional VPNs in some ways because SSL
> wouldn't keep a cached copy of your mails after you're done reading 'em. In an
> Internet café you shouldn't be bothered that somebody else would be able to
> read your mails after you've gone.
>
> The thing you should be concerned with is your method of authentication; a
> two-factor mode of authentication is always good, however not cheap.
>
> Also, a design consideration: make sure the OWA server sits behind a
> reverse proxy server, so that your outside users talk directly to the
> reverse proxy server, and the proxy server talks to the OWA on their behalf.
>
>
> > Assuming that you only allow the SSL to the Exchange OMA front end and you
> > follow best practices in locking down the server, it's all acceptable.
> >
> > The weak point in the security model has nothing to do with your question
> > (SSL). The weak point is the IIS server that runs OMA. SSL is bullet
> > proof.
> >
> > Cheers,
> >
>
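
The caching caveat in the post above, as an added example that is not part of the original thread: a Python check of which HTTPS responses may leave a copy in a shared machine's browser cache. The paths and header values are constructed samples, and the classification assumes standard HTTP `Cache-Control` semantics.

```python
# Added example (not from the thread): which responses may leave a copy in a
# shared browser's cache. TLS protects the transfer only; what is written to
# the client's cache is decided by the Cache-Control response header.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def cache_exposure(headers):
    """Classify one response by what a browser may keep after the session."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"          # nothing may be written to the cache
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "stored-revalidated"  # a copy may sit on disk; reuse needs revalidation
    return "stored"                  # may be cached, explicitly or heuristically

def left_on_client(responses):
    """Return paths whose bodies may remain in the browser cache."""
    return [path for path, headers in responses
            if cache_exposure(headers) != "not-stored"]

# Constructed sample responses (paths and header values are illustrative).
SAMPLE = [
    ("/mail/inbox",      {"Cache-Control": "no-store"}),
    ("/mail/message/1",  {"Cache-Control": "private, no-cache"}),
    ("/mail/attachment", {"cache-control": "private, max-age=3600"}),
    ("/mail/contacts",   {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLE:
        print(f"{path:18} {cache_exposure(headers)}")
```

Only `no-store` keeps a page out of the cache; `no-cache` and `private` still permit a stored copy on the client.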