Security Basics mailing list archives
RE: looking for a hub or switch that can connect a VPN and apply firewallrules to all ports
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 14 Aug 2009 13:55:44 -0700
So your clients' Internet traffic doesn't go through the VPN? (If it did, all the ISP would see is the encrypted tunnel...)

It sounds to me like the clients' Internet traffic is NATted at the router, and the VPN is irrelevant. So your choices are:

1) Police your own network so the ISP doesn't see things they shouldn't (*), or

2) Purchase routable address space so each of your clients has their own visible address. I'm sure the ISP will be glad to handle the technical details in exchange for a reasonable monthly charge.

* - This suggestion will rub some folks the wrong way. I'm guessing that this is a branch office setup with VPN back to HQ, and that when a client's Internet traffic prompts the ISP to pull the plug, the whole office loses connectivity to HQ. So if users cannot limit their use to things compatible with the needs of the business, the business doesn't provide them with Internet access -- or a paycheque. Deal with it.

David Gillett
-----Original Message-----
From: Thomas Anderson [mailto:zelnaga () gmail com]
Sent: Thursday, August 13, 2009 1:00 PM
To: security-basics () securityfocus com
Subject: looking for a hub or switch that can connect a VPN and apply firewallrules to all ports

Right now, I have maybe 10-20 computers plugged into a VPN enabled router. Problem with this setup is that if one computer behind the router does something "bad" all the computers behind the router suffer the consequences if the ISP decides to disable the connection, temporarily or otherwise.

Normally, the way to work around this would be to just get a hub or a switch and connect through that, however, if that's done, all the computers would have to have VPN software installed on them and managing 10-20 computers is much more of a logistical challenge than managing one router.

The ideal solution, it seems to me, would be a switch that connects each port, individually, to the VPN. If firewall rules could be applied universally to all ports, as well, that'd be helpful.

Any ideas?