Pete Goodridge wrote:
> 
>         We have a growing number of Lotus Notes users who need remote
>      access.  Currently they are dialing into our old modem bank.  One
>      solution is to use our encrypted VPN and allow them access from the
>      Internet.

Sure beats messing with Lotus Notes modem string files. ;)

>         Our Notes Admin guy says Notes uses 128 encryption already, and
>      authenticates. 

With one caveat: the user must choose to encrypt their network traffic.
This is off by default. You have to do a File--> Tools--> User
Preferences--> Ports--> Encrypt Network Data. This has to be done on
each remote workstation.

> Therefore we just need to open a port for Notes to the
>      server.  I could open the Notes port to the DMZ and move the Notes
>      server there. 

Or set up a pass-through server on your DMZ/service network. This will
terminate the inbound tunnel and allow you to use Notes ACLs for who has
access to what on your internal network.

> This would save the users the overhead of encrypting
>      twice, since replication over a modem currently takes over an hour.
> 
>         The other way is to leave it where it is, and do double
>      encryption.

I guess I don't follow the above two comments. It sounds like you are
implying that all inbound traffic *has to be* encrypted by some other
means besides the RSA encryption & digital certificate authentication
used by Notes. RSA on its own should be fine unless you are transmitting
extremely sensitive data in which case it should not be crossing the
Internet anyway.

Cheers,
Chris
-- 
**************************************
[EMAIL PROTECTED]

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet