I'm trying to design a setup where more than a hundred users
will be able to connect to our network through modems, public X.25
services, and the Internet.
Most of our users will have company-provided PC laptops that I
can add software to, but a few connect from different platforms and
some are vendors with unknown equipment who need more-or-less temporary
access. Our internal hosts are largely Unix machines and X terminals.
Currently, we have a much smaller set of remote users, dialback
modems, and a two-routers-and-a-bastion-host firewall setup.
I am looking for software/hardware that will help me increase
security for remote logins. It seems that challenge/sequenced
password generators ("smartcards"), possibly in software form, might be a
big help. I've read through the archives, but much of the relevant
material is dated.
Some questions I'm looking to answer:
* Should I get a terminal server or dedicate a machine with
a serial port expander?
* Can I avoid giving users accounts on any gateway machines?
* What if someone loses their token generator/laptop?
* Where should I put dialup services in relation to the firewall?
* How about SLIP/PPP for selected users?
* How simple can I make things for the users?
* What products are available and what are their pricing/contact info?
Our budget is reasonable, but not infinite. :)
I will gladly post a summary (not a compilation) of anything I
receive. Any related general setup suggestions would be appreciated as well.
-- Matt @8^1
--
Matt Cohen INET: sysnmc @ chron . com
Department of Technology Resources UUCP: ...!uunet!chron!sysnmc
The Houston Chronicle AT&T: +1 713 220 7023
801 Texas Avenue, Houston, TX 77002 "Quidquid Latine dictum sit,
"Houston's Leading Information Source" altum viditur."