In my opinion you shouldn't try to manage something with a GUI
over the internet without any encryption. Unless embedded encryption
or thru ssh or VPN.
VPN's are fast enough, it just depends on the throughput of the data
which you want to send and the VPN links on each endpoint. I think
using a VPN for management shouldn't slow things down. Emailing
an attachment of 5 mb and doing management can slow things down
ofcourse.
I personnaly don't prefer doing management of a firewall from any work
station at all instead of a few management stations which you give
access to the GUI / rulebase.
Regards,
Brenno
> -----Original Message-----
> From: Helmut Springer [SMTP:[EMAIL PROTECTED]]
> Sent: vrijdag 18 mei 2001 11:15
> To: [EMAIL PROTECTED]
> Subject: Re: GUI client over untrusted network
>
> On Fri 2001-05-18 (13:53), Mike M. Quimson wrote:
> > I just like to know if its ok to run GUI clients over internet
> > to manage firewalls? How secure is the communication between
> > the GUI and the enforcement module? or do i need to run it
>
> Data is data, if it happens to be data belonging to some GUI or to a
> shell session doesn't matter. Either it is cryptographically
> secured or it is not, the documentation of the system should tell
> that.
>
> If in doubt, make sure it is (VPN, ssh, whatever reasonable). And
> think about abandonning a product not telling about such things.
>
>
> --
> MfG/best regards, helmut springer
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
