I agree, authenticating on the firewall is the best way to go. checkpoint fw-1 and rsa secureid work great together too for this.
badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg ______________ Es gibt 10 arten von Menschen auf dem Planeten, welche die Binär verstehen, und welche die es nicht tun. -----Ursprüngliche Nachricht----- Von: David Gillett [mailto:[EMAIL PROTECTED] Gesendet: Wednesday, August 06, 2003 10:57 PM An: 'Bob Freeman'; [EMAIL PROTECTED] Betreff: RE: Securing Web access from internet Years back, I worked on a network where we had a requirement like this, which we met by deploying a PIX as gateway with an attached TACACS+ server. Clients who telnetted to the gateway and authenticated against TACACS+ got access to the network beyond the gateway. More recently, I've been using some of the authentication services offered by CheckPoint's FW-1 firewall and BlueSocket's "wireless" security box. I suspect that user authentication as a firewall feature has become fairly widespread, although I'm not sure how common on boxes costing less than about $10K. David Gillett > -----Original Message----- > From: Bob Freeman [mailto:[EMAIL PROTECTED] > Sent: August 6, 2003 08:58 > To: [EMAIL PROTECTED] > Subject: Securing Web access from internet > > > > > Hi everyone, We have a web application on our LAN (based on > IIS) and we want to make this web application available from > the internet for specific users/workstation. 1)I want to > make sure that these users/workstation are authenticated > BEFORE accessing the local network. 2)I want to make sure > that the information transiting on the public network is > encrypted 3)I would prefer to not have anything to install > on the remote workstations (if possible) 4)I don't want a > VPN solution. I don't know much about the product I need but > I suppose it would be a kind of web relay/authentication > server installed in our DMZ. Do you have product to > propose? Thanks Bob Freeman > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------