On Nov 3, 2010, at 10:15 AM, m.roth@5-cent.us wrote:
Ross Walker wrote:
<snip> > I would suggest only providing VPN access to administrators and for users > providing a combination of SSL gateway to web-mail and some type of > terminal service that either authenticates with a separate domain or is > only accessible after successfully authenticating to the SSL gateway. <snip> Um, no. This might work for folks who *only* need access to their M$ Exchange via Outlook and Office, but for other work, including *anything* that isn't being done in their browser, they're SOL about working, say, from home.
Exchange isn't the only web mail game in town, and terminal services doesn't have to be M$ RDP, NoMachine NX makes a great X-Windows terminal server supported across many desktop OSes (and does certificate authentication too!).
If you are using a content management system, you can also provide access to that through the gateway (and no I'm not necessarily talking Sharepoint here).
I just think VPNs' time has come and gone.
It's even more secure it you just unplug it from the Internet....
Goes without saying ;-)
-Ross