Have any of you ever used TPM to secure a VPN connection into a corporate network? I'm interested in doing two-factor authentication. Ideally, only laptops that I authorize will have access to the VPN tunnel. If the laptop were to be lost or stolen, I'd like to have the ability to disallow its connection by revoking a cert, for example. What are your thoughts on this and what steps have you taken to get this implemented? The firewall is an ASA5510. Thanks!
Re: How to incorporate TPM (Trusted Platform Module)
There is a difference between trusting a user (after passing strong user authentication) and trusting that user's computer. While the former has traditionally been emphasized, only recently has the latter been given sufficient attention (see Trusted Platform Module - TPM). As discussed earlier, a Trojan-laden computer defeats strong user authentication. But a “company computer”, which is typically supported and managed according to corporate security policies, typically deserves more trust than a “non-company computer”. A secure SSL VPN infrastructure should allow you to verify a remote host's identity by checking on predefined end device parameters. Examples include registry entries, special files in a specified location, or digital certificates (as a form of device authentication). The host identity information can be used to make your access permission decisions.
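The access decision described in the reply above, sketched as an added example that is not part of the original thread or of any Cisco product: user authentication and host identity are evaluated separately, and a revoked device certificate blocks a lost laptop outright. The class names, the three-level outcome, the registry key, the file path and the serial numbers are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Posture:  # what the gateway learned about the connecting host
    cert_serial: Optional[str]                    # device certificate serial, if presented
    registry: dict = field(default_factory=dict)  # registry entries seen by the host check
    files: frozenset = frozenset()                # marker files seen by the host check

@dataclass(frozen=True)
class Policy:
    enrolled: frozenset        # serials issued to authorized laptops
    revoked: frozenset         # serials revoked after loss or theft
    required_registry: dict
    required_files: frozenset

def decide_access(user_ok, posture, policy):
    """Return (decision, reasons); decision is 'deny', 'restricted' or 'full'."""
    if not user_ok:
        return "deny", ["user authentication failed"]
    # Revocation is checked first, so a stolen laptop is refused even though
    # its registry entries and files still look like a company computer.
    if posture.cert_serial in policy.revoked:
        return "deny", ["device certificate revoked"]
    reasons = []
    if posture.cert_serial not in policy.enrolled:
        reasons.append("no enrolled device certificate")
    for key, want in policy.required_registry.items():
        if posture.registry.get(key) != want:
            reasons.append("registry entry mismatch: " + key)
    for path in sorted(policy.required_files - posture.files):
        reasons.append("missing file: " + path)
    # Registry entries and files can be copied to another machine, so here
    # they can only lower trust; they never substitute for the certificate.
    return ("restricted", reasons) if reasons else ("full", [])

# Constructed sample policy and hosts (all values are made up).
REG = {r"HKLM\SOFTWARE\ExampleCorp\Managed": "1"}
TAG = frozenset({r"C:\ProgramData\ExampleCorp\asset.tag"})
POLICY = Policy(frozenset({"0A01", "0A02"}), frozenset({"0A02"}), REG, TAG)
MANAGED = Posture("0A01", REG, TAG)
STOLEN = Posture("0A02", REG, TAG)
HOME_PC = Posture(None)

if __name__ == "__main__":
    for name, host in (("managed", MANAGED), ("stolen", STOLEN), ("home", HOME_PC)):
        print(name, decide_access(True, host, POLICY))
```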