Security Basics mailing list archives
Open VPN worries
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 11:06:33 -0700
Hi All,I have several Open VPN server set up out there that don't require password to log into. To handle this, the servers are set up such
your physically have to call the operator on the phone and have them start the tunnel. They (or I) kill the tunnel when they log out. The tunnel is always off after hours. There are only two client machines (with the keys) that operate these tunnels. Mine, which is Scientific Linux 6.4 (RHEL 6.4 clone), and it entire hard drive in luks encrypted. The other one is at the customer's home office and is Windows XP.My concern is that someone could physically break into one of the client machine, sit down at the computer, log into one of the
servers, and starting something mischievous. It is really not an issue at my home office as we are all "on site service" with no outside human traffic to our home. A break in would be a "Hot break in". This being Nevada, the bad guy, without going into details, would not survive it. My main concern would be an employee at the customer's home office sitting down at the boss' computer and getting mischievous. (The customer has a nice burler alarm for after hours and has people living across the street to confront bad guys.) Am I over worrying things? Would it be better to have the Open VPN client prompt for a password? If I am not over worrying it, can clients be made to prompt for passwords when the connect? Can someone point me to a "How To" for doing this with both Windows and Linux? Many thanks, -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Open VPN worries ToddAndMargo (Sep 18)
- Re: Open VPN worries Xinyun Zhou (Sep 19)
- Re: Open VPN worries ToddAndMargo (Sep 19)
- Re: Open VPN worries Pui Edylie (Sep 19)
- Re: Open VPN worries Xinyun Zhou (Sep 19)