Security Basics mailing list archives
Re: Requesting info: VPN solution
From: Nicholas Diotte <xphox () xphox net>
Date: 1 Apr 2004 18:59:07 -0000
In-Reply-To: <20040331162835.3a34c95b () roadwarrior bluesuperman com>

Michael,

I would have to agree with you on this one. I would have gone with a similar setup, however the company I work for is basically anti-Linux, and requires the presence of big names.

Yes, each end will have a static IP. One will be on cable, the other on DSL.

As confident as I am about securing a Linux box, I don't quite know if I would put my name on this project, as this is for a financial institution... Last thing I want is someone to get into the machine, because of something that I didn't update. It needs to almost be set it, and forget it. I understand it's nearly impossible these days, however that is what I'm looking for...

Thanks,
Nick
Hello,

I guess it all depends on what you need, let's say for example you have two offices. One in location A with static IP A.A.A.A and one in location B with static IP B.B.B.B.

Why go out and spend all kinds of money on VPNs --- they all do mostly the same thing ... they usually all support the same encryption levels. Why not use FreeS/Wan or SuperFreeS/Wan?

You take two average boxes and install Linux, base install nothing more. Really all you need is a running kernel, you could easily use a bootable CD.

Anyways base install and build Super FreeS/wan ... on VPN box at location A we allow only UDP port 500 traffic and IP protocol 50 from IP B.B.B.B only .. all other traffic is dropped. We do the same on box B at location B, allowing only UDP port 500 and IP protocol 50 from IP A.A.A.A.

You then only allow AES-256 with SHA-1-256 bit encryption using RSA keys. Once configured there is NO maintenance at all required. I am using a similar solution and since the initial install I never have had to touch the boxes.

All this cost me about $1500 because I had to buy two boxes at $700 a piece.

Michael.
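
The packet filter described in the quoted message, written out as an added example that is not part of either post: a shell function that emits an iptables-restore ruleset accepting only IKE (UDP port 500) and ESP (IP protocol 50) from the single peer address and dropping all other inbound traffic. The use of iptables, the function names and the 192.0.2.10 sample address are assumptions made for illustration; the post names no firewall tool.

```shell
#!/bin/sh
# Added example: build the inbound filter for one end of a site-to-site
# IPsec tunnel. Only the named peer may reach IKE and ESP on this box.

# valid_ipv4 ADDR: succeed only for a single dotted-quad host address.
# Rejecting CIDR suffixes and hostnames keeps a typo such as 0.0.0.0/0
# from silently opening the gateway to every source.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_input_rules PEER_IP: print rules in iptables-restore format,
# or fail without printing any rule when the address is not valid.
vpn_input_rules() {
    peer=$1
    if ! valid_ipv4 "$peer"; then
        echo "invalid peer address: $peer" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s $peer/32 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -s $peer/32 -p esp -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: the peer comes from the first argument; the default
# 192.0.2.10 is a constructed documentation address, not a real site.
vpn_input_rules "${1:-192.0.2.10}"
```

Run it on box A with B's address and on box B with A's. The FORWARD and OUTPUT policies are left at ACCEPT because the post only describes the inbound restriction on the gateway itself.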