× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2008

RE: VPN access


VPN extends your network to the connected user while SSL on a web
application only opens that application to the internet. What is more
secure depends on your point of view. If someone hacks your VPN server
they can get access to your full network. But they should still need a
network user id and password to access any network resources. Now you
may restrict access to resources available via VPN. SSL bases VPN's, or
clientless VPN's are probably just as secure as client based VPN's since
you can get the client in many places.

Now just opening up an application to the internet via SSL only grants
access to that application. If that happens to be a logon to your
iSeries, well if they hack QSECOFR via TN5250, they might as well be on
a Twinax terminal.

If you open TN5250 via a browser interface, of which there are a few to
choose from, you must secure who can access what just as opening up
telnet direct.

If you use WAS to provide an application to your local network and open
up the SSL port for the application to the internet. Just make sure no
one can interject their own SQL strings to see info for someone besides
themselves.



Chris Bipes
Director of Information Services
CrossCheck, Inc.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of ron hawkins
Sent: Thursday, May 29, 2008 3:07 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: VPN access

Thanks everyone.

It seems the consensus is yes, you can run without the VPN using just
SSL (assuming our Seagull product handles that and I'm pretty sure that
it does). So the issue is really price vs extra security? What extra
security do we get with the VPN? Again, the argument I'm getting is that
banks don't use VPN's - why do we need to?

I thought I read somewhere that with the VPN you can get to your
network, but with only SSL you can not access the network. Is there any
truth to this or did I misinterpret the article?
VPN
Ron

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Abreu
Sent: Thursday, May 29, 2008 1:52 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: VPN access

before we had VPN we simply used our
PowerTerm software to emulate 5250 from
our home computers and then relyed on
400 security to control who could get into the system.

so yes, if you have a client emulater that everyone could intall, then
you could run withou VPN, but what is the "security risk" factor. VPN
is all about a secure link before you allow someone to even touch your
400.

can you put a price on that??
Aaron



*-------------------------------------------------------------*
<businesscardinfo>
*-------------------------------------------------------------*
Aaron Abreu, Systems Consultant
MIS Dept.
Bay District Schools
1311 Balboa Ave.
Panama City, FL 32401-2080
Phn# 1-850-872-4288 (suncom 777-4288)
Fax# 1-850-872-7768
abreual@xxxxxxxxxxxxx






The information contained in this message may be privileged and
confidential and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient, you
are hereby notified that any dissemination, distribution or copying of
this communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to the
message and deleting it from your computer. Under Florida law, e-mail
addresses are public records. If you do not want your e-mail address
released in response to a public-records request, do not send electronic
mail to this entity. Instead, contact this office by phone or in
writing.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.