Secure Remote Access Design Considerations
1) Using your current edge/Internet firewall for remote access VPN, if it supports it
2) Using a separate VPN appliance that supports both remote access VPN solutions (clientless and client based)
3) HA/failover setup of Remote Access VPN appliances (active/standby or active/active)
4) Deciding what IP subnet size to assign to the VPN users
5) Deciding the placement of the VPN appliance in a DMZ or a separate zone dedicated for it
6) Integration with authentication sources such as LDAP/Active Directory and a RADIUS server
7) Which TLS protocol versions clients are allowed to use when connecting to the VPN (TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)
8) Implementing host integrity checks (such as AV/firewall and domain machine) for users who are trying to access corporate resources over the VPN
9) Implementing VPN on a standard port (443) or a non-standard port (5443)
10) Deciding to have split tunneling enabled or disabled for the VPN users
11) Deciding how to implement multi-factor authentication for the VPN users
#security #networksecurity #design
Mahmmad Kareemoddin