•
How will keys be distributed? Email is not a good solution. Phone conversations might be
secure enough.
•
How many different keys should be used? One key per user? One per group of users? One per
LAN-to-LAN connection? One key for all users and one key for all LAN-to-LAN connections? It
is probably better using more keys than is necessary today since it will be easier to adjust
access per user (group) in the future.
•
Should the keys be changed? If they are changed, how often? In cases where keys are shared
by multiple users, consider using overlapping schemes, so that the old keys work for a short
period of time when new keys have been issued.
•
What happens when an employee in possession of a key leaves the company? If several users
are using the same key, it should be changed.
•
In cases where the key is not directly programmed into a network unit, such as a VPN firewall,
how should the key be stored? On a floppy? As a pass phrase to memorize? On a smart card?
If it is a physical token, how should it be handled?
9.1.5. The TLS Alternative for VPN
If secure access by clients to web servers using HTTP is the scenario under consideration, then
using a NetDefend Firewall for TLS termination can offer an alternative "lightweight" VPN
approach that is quickly and easily implemented. This topic is described further in
Chapter 9: VPN
670
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...