Security Basics mailing list archives

Open VPN worries

From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 11:06:33 -0700

Hi All,

I have several Open VPN server set up out there that don't requirepassword to log into. To handle this, the servers are set up such

your physically have to call the operator on the phone and have them
start the tunnel.  They (or I) kill the tunnel when they log out.
The tunnel is always off after hours.

There are only two client machines (with the keys) that operate
these tunnels.   Mine, which is Scientific Linux 6.4 (RHEL 6.4
clone), and it entire hard drive in luks encrypted.  The other
one is at the customer's home office and is Windows XP.

My concern is that someone could physically break into one of the clientmachine, sit down at the computer, log into one of the

servers, and starting something mischievous.

It is really not an issue at my home office as we are all "on site
service" with no outside human traffic to our home.  A break in
would be a "Hot break in".  This being Nevada, the bad guy,
without going into details, would not survive it.

My main concern would be an employee at the customer's home
office sitting down at the boss' computer and getting mischievous.
(The customer has a nice burler alarm for after hours and
has people living across the street to confront bad guys.)

Am I over worrying things?  Would it be better to have the Open VPN
client prompt for a password?

If I am not over worrying it, can clients be made to prompt for
passwords when the connect?  Can someone point me to a "How To"
for doing this with both Windows and Linux?

Many thanks,
-T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Open VPN worries ToddAndMargo (Sep 18)
- Re: Open VPN worries Xinyun Zhou (Sep 19)
  - Re: Open VPN worries ToddAndMargo (Sep 19)
- Re: Open VPN worries Pui Edylie (Sep 19)