
The tls alternative for vpn – Amer Networks E5Web GUI User Manual

Page 568


access per user (group) in the future.

Should the keys be changed? If they are changed, how often? In cases where keys are shared
by multiple users, consider using overlapping schemes, so that the old keys work for a short
period of time when new keys have been issued.

What happens when an employee in possession of a key leaves the company? If several users
are using the same key, it should be changed.

In cases where the key is not directly programmed into a network unit, such as a VPN
gateway, how should the key be stored? On a floppy? As a pass phrase to memorize? On a
smart card? If it is a physical token, how should it be handled?
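
The overlapping scheme mentioned above, together with the immediate key change needed when a key holder leaves, as an added example (not taken from this manual or the product). The `SharedKeyRing` class, the one-hour overlap and the sample keys are constructed for illustration, and HMAC-SHA256 tags stand in for whatever a peer proves with the shared key.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def make_tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a message with a shared key (stand-in for real key use)."""
    return hmac.new(key, message, hashlib.sha256).digest()


@dataclass
class SharedKeyRing:
    """Hypothetical key ring: a replaced key keeps working for overlap_s seconds."""
    overlap_s: int
    keys: dict = field(default_factory=dict)  # key_id -> [key, expires_at or None]

    def rotate(self, key_id, key, now, immediate=False):
        """Issue a new key. Older keys expire after the overlap window, or
        at once when immediate=True (e.g. a key holder has left)."""
        deadline = now if immediate else now + self.overlap_s
        for entry in self.keys.values():
            # Never extend an earlier deadline; an immediate change cuts all short.
            entry[1] = deadline if entry[1] is None else min(entry[1], deadline)
        self.keys[key_id] = [key, None]

    def verify(self, message, tag, now):
        """Return the id of the unexpired key that authenticates message, else None."""
        matched = None
        for key_id, (key, expires_at) in self.keys.items():
            if expires_at is not None and now >= expires_at:
                continue  # overlap window has closed for this key
            if hmac.compare_digest(make_tag(key, message), tag):
                matched = key_id
        return matched


if __name__ == "__main__":
    # Constructed sample keys and timestamps (seconds).
    ring = SharedKeyRing(overlap_s=3600)
    ring.rotate("k1", b"constructed-key-one", now=0)
    ring.rotate("k2", b"constructed-key-two", now=1000)
    old_tag = make_tag(b"constructed-key-one", b"hello")
    print(ring.verify(b"hello", old_tag, now=1500))  # inside the overlap window
    print(ring.verify(b"hello", old_tag, now=5000))  # after the window has closed
```
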

9.1.5. The TLS Alternative for VPN

If secure access by clients to web servers using HTTP is the scenario under consideration, then
using a Clavister Security Gateway for TLS termination can offer an alternative "lightweight" VPN
approach that is quickly and easily implemented. This topic is described further in Section 6.2.10,
“The TLS ALG”.

Chapter 9: VPN

