The Evils of SSL Tunneling

As a firewall administrator your primary concern is access control. You want to control exactly what services internal network users can access on other networks, and you want exact control over what services external users can access on the internal network. That’s the reason you have a firewall. If you don’t want someone to access a specific service on the Internet, then you either do not allow it (the preferred method) or you explicitly block it (the less preferred method). This isn’t a radical approach and is something inherent in all good firewall policies. For example, you have created a … Continue reading The Evils of SSL Tunneling

Using RADIUS Authentication with the ISA Firewall’s VPN Server (2004)

By Thomas W Shinder M.D. Got questions? Discuss this article over at http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=30;t=000170 Like the ISA Server 2000 firewall, the ISA firewall (ISA Server 2004) supports RADIUS authentication for VPN clients. RADIUS authentication is most useful when the ISA firewall is not a member of the Internal network domain. Situations where you would not want to make the ISA firewall a member of the Internal network domain would include those where the ISA firewall is the Internet edge firewall and there are other back-end firewalls on the network. While it is completely acceptable to make the ISA firewall on the Internet … Continue reading Using RADIUS Authentication with the ISA Firewall’s VPN Server (2004)