Re: [Fed-Talk] VPN for Mac
Re: [Fed-Talk] VPN for Mac
- Subject: Re: [Fed-Talk] VPN for Mac
- From: "William G. Cerniuk" <email@hidden>
- Date: Thu, 17 Apr 2008 17:05:46 -0400
I am going to answer generically... No lack of respect for our fedtalk
listers but we should not do our agency business in public venues.
Clean Access is a secondary system that works after the Cisco VPN has
vetted the inbound user... you login to the VPN first.
When you login to the VPN system using the additional Clean Access
server, you are in a holding pen. That holding pen is like coming thru
customs on your way from China to the US.
Then the customs agent comes along with their list of questions, metal
detector and all the related equipment for an invasive search. The
customs agent is the Clean Access server. The tools are the Clean
Agent client on your computer.
So say you simply don't go thru the scanner or you refuse to get
wanded as it were. You will be stuck in the holding pen. There is a
water fountain, vending machine and chairs but that is it. Limited
services.
Same with clean access. If the client is not in the system coming thru
the VPN or it does not respond properly, the system is left in the
holding pen with limited services. If the client is on the system, is
told to scan your disk by the server, and the scan shows you have the
required configuration... you are passed to a VPN connection with
more access to network services if not full network access.
V/R,
Wm. Cerniuk
Sent from my iPhone
On Apr 16, 2008, at 23:18, David Poteet <email@hidden> wrote:
Bill,
I'm still confused... will RESCUE be required only with GFE or also
with personally-owned equipment?
On Apr 16, 2008, at 10:36 PM, William G. Cerniuk wrote:
It causes confusion but RESCUE is basically a VA IT branding of the
distribution of Cisco's Clean Access software inside the VA.. Clean
Access will communicate from the client to the Cisco Clean Access
server to vet the incoming system.
So Henry is on target. Clean Access, based on some programmable
characteristics will scan the host system based upon the request
from the server. It returns a thumbs up or down on the check.
Thumbs up means it passed and and our case, it verified that the
Windows PC seems to be a VA owned Windows PC. Then the Windows PC
is let into the VA network and any services promoted thru the VPN
conection. If it does not pass, "no soup for you!" and all the VA
user will get is access to a Citrix server.
As far as the Mac plan, the Cisco software "client" for Clean
Access runs on Mac but is not full featured like the Windows
version.. Implementors must augment it with home brew code
execution to perform the Mac check.
Because a number of top VA Execs run Mac at the VA, It would be
good if the VA Mac execution is flawless prior to deployment. (!)
Google for Clean Access and Cisco and you will see it is not
without its issues in the Windows side.
V/R,
Wm. Cerniuk
Sent from my iPhone
On Apr 16, 2008, at 17:55, "Mensch, Henry" <email@hidden>
wrote:
RESCUE is a new VA thing which is a superset of VPN technology
along with
other containment technologies which ultimately ensure that no
sensitive
data ends up in the wrong hands.
Apparently there are two flavors of it: one for GFE and one for
OE. The GFE
stuff looks like VPN software along with other bits which enforce
various
requirements (like presence of an anti-malware tool, presence of
antivirus,
...). On the other hand, the OE tool (which I have not yet seen)
looks like
a self-contained environment from which you may neither export nor
import
data.
This is, afaik, not official policy yet, but it is on the way to
becoming
policy.
(and no, before you ask, I don't know what IRMS' plan for
Macintosh support
in this area will be. I expect that both the GFE and OE clients
will both
run in a virtual machine--I know that the One VA VPN works well
this way).
--
Henry Mensch / Storage Manager
Center for Imaging of Neurodegenerative Diseases
VA Medical Center, San Francisco CA USA
v: +1.415.221.4810 x2466 / f: +1.415.668.2864
e: email@hidden
w: http://www.cind.research.va.gov/
-----Original Message-----
From: fed-talk-bounces+henry.mensch=email@hidden
[mailto:fed-talk-bounces+henry.mensch=email@hidden] On
Behalf Of
Dave Schroeder
Sent: Wednesday, April 16, 2008 1:38 PM
To: Buxbaum, Laurence
Cc: email@hidden
Subject: Re: [Fed-Talk] VPN for Mac
On Apr 16, 2008, at 3:33 PM, Buxbaum, Laurence wrote:
The new VPN directive requires the use of RESCUE software. I assume
the
RESCUE software will not work on a Mac. Do we need Virtual PC (or
other
Windows emulation software)?
What is RESCUE? Whether you need Windows to run it depends on what
it
is. If it is VPN software, I've never heard of it and didn't find it
in a brief Google search. Is it Windows-only? Instead of assuming,
why
not check? :-)
Also, Virtual PC is discontinued and only required for PowerPC-based
Macs. Windows no longer runs in emulation on Intel-based Macs.
- Dave
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden