| 
 | 
Pete,
"But, to access a single web application, it can be a less secure, more involved solution."
I don't think our application is really a web application. I think of web
applications as being accessed by a browser. Our application is strictly
5250, with a gui interface. What we need is for the user to simply run menu
options. Some of the programs they run will need access to the IFS. All of
this works today via the VPN and client access.
So, if they don't need access to anything except the iSeries and the IFS,
can we give them access without the VPN? I'm not sure what was the original
reason for using a VPN.
Ron
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Pete Helgren
Sent: Thursday, May 29, 2008 4:19 PM
To: Midrange Systems Technical Discussion
Subject: Re: VPN access
Ron,
If your sole reason for using the VPN was to get secure access to a web application, then SSL is the ticket. It is simple, secure and, since you aren't extending your network out to an "unknown" end point, it is *more* secure, given your goals.
A VPN creates a secure connection, but it also extend the network to the endpoint, so your security controls must be even tighter. For example, I use VPN connections frequently to access customer machines and they have given me that permission. But I pretty much have access as though I am sitting inside their firewall on their network as any other PC. I can browse the network and access network resources (which is why I have the VPN access). So, you need some VERY good network access and monitoring tools and a carefully configured network in order to make that VPN a "single use" connection. Again, SSL for a web app is a better solution in this case.
VPN has it's place. But, to access a single web application, it can be a less secure, more involved solution.
Pete
ron hawkins wrote:
Thanks everyone.don't
It seems the consensus is yes, you can run without the VPN using just SSL
(assuming our Seagull product handles that and I'm pretty sure that it
does). So the issue is really price vs extra security? What extra security
do we get with the VPN? Again, the argument I'm getting is that banks
use VPN's - why do we need to?this
I thought I read somewhere that with the VPN you can get to your network,
but with only SSL you can not access the network. Is there any truth to
or did I misinterpret the article?confidential
Ron
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Abreu
Sent: Thursday, May 29, 2008 1:52 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: VPN access
before we had VPN we simply used our
PowerTerm software to emulate 5250 from
our home computers and then relyed on
400 security to control who could get into the
system.
so yes, if you have a client emulater that everyone
could intall, then you could run withou VPN, but what
is the "security risk" factor. VPN is all about a secure
link before you allow someone to even touch your 400.
can you put a price on that??
Aaron
*-------------------------------------------------------------*
<businesscardinfo>
*-------------------------------------------------------------*
Aaron Abreu, Systems Consultant
MIS Dept.
Bay District Schools
1311 Balboa Ave.
Panama City, FL 32401-2080
Phn# 1-850-872-4288 (suncom 777-4288)
Fax# 1-850-872-7768
abreual@xxxxxxxxxxxxx
The information contained in this message may be privileged and
and protected from disclosure. If the reader of this message is not thethis
intended recipient, or an employee or agent responsible for delivering
message to the intended recipient, you are hereby notified that anynotify
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
us immediately by replying to the message and deleting it from yourdo
computer. Under Florida law, e-mail addresses are public records. If you
not want your e-mail address released in response to a public-records
request, do not send electronic mail to this entity. Instead, contact this
office by phone or in writing.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.