1

I'm a programmer at my organization, but somehow got drafted into looking into some server stuff so forgive me of my ignorance:

They want to give our sales people secure access to our internal sites using their iPads. This must be secure (obviously) but also revocable from the company's side (if someone quits they can no longer access our network).

I see from http://support.apple.com/kb/HT1288 that the iPad supports "RSA SecurID", "CRYPTOCard", and "Kerberos" authentication methods. Will one of these do what we need? Are there any major differences between them?

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
carpat
  • 995
  • 2
  • 7
  • 14

2 Answers2

3

Many vendors offer iPad clients for their VPN solutions, including OpenVPN. These can be downloaded from the App Store. You'll have to weigh the costs/benefits of each yourself, though.

Once you have a client connecting to a VPN server in your network, it is trivial to disable an existing account. Specific instructions for how vary by vendor.

Edit: Apparently the OpenVPN client requires jailbreaking. Juniper/Cisco/etc still offer non-jailbroken apps, though

Hyppy
  • 15,458
  • 1
  • 37
  • 59
  • Our network guys inform me that this is what they'll be doing, looks like all the authentication stuff is going to be overkill. As I said in SpacemanSpiff's reply, I have no clue why I was the goto guy for management on this when the network admins already know what's going on... :) – carpat Jun 12 '12 at 14:40
  • OpenVPN? What app is that? Nothing comes up in a search. – Zoredache Jun 12 '12 at 15:16
  • @Zordache I think the OpenVPN implementation currently requires jailbreaking. My bad. GizmOVPN is what I was looking at. – Hyppy Jun 12 '12 at 15:38
3

Take a look into Juniper's MAG or SA series gateways. They're not that expensive, have an iPad/Iphone/Droid client, and can authenticate against certificates, users, LDAP, whatever. You can very strictly control access.

The "methods" you describe are merely authentication mechanisms, and those can be used in conjunction with such a solution, or a PPTP vpn, or insert VPN device of your choice here.

SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35
  • Ah I see, our network guys seem to know what's going on and what to do, so I have no clue why I was the goto guy for management on this... :) You get the point since your score is lower :D – carpat Jun 12 '12 at 14:38