Security Basics mailing list archives
RE: Remote site solution
From: Joachim Thuau <Joachim.Thuau () heavy-iron com>
Date: Tue, 28 Sep 2010 09:38:21 -0700
You have a central hub location that is equipped with a juniper SRX240. You intend to secure all 50 remote location. Do I get this right? Regarding mac address filtering: You can filter by mac addresses only on a lan (a mac address is a property of layer 2 frame, not a layer 3 packet). All the packets that will come from a remote location (beyond your gateway) will be embedded in frames that have the mac address of your gateway/router. You could setup some sort of inbound proxy at the hub that ignores anything that is not from your 50 remote locations. The problem with that is that you have no control over the IP addresses of your remote sites. They are using DHCP and may change at any time. I'm not familiar with the juniper solution, but I would assume that you could get some entry level box to each location and use those to establish VPN tunnels from each location to your central hub office. You would have to check with your juniper vendor to get pricing and information on how to proceed from there. Make sure your central office device (the SRX240) can take 50 VPN inbound, and that each office is outfitted with the proper equipment. I hope this helps... Jok ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Remote site solution Monah Baki (Sep 27)
- Re: Remote site solution Sudev Barar (Sep 28)
- Re: Remote site solution Francois Yang (Sep 28)
- Message not available
- Re: Remote site solution Kraig Babin (Sep 28)
- Message not available
- RE: Remote site solution Joachim Thuau (Sep 28)
- Re: Remote site solution Nick Owen (Sep 30)
- RE: Remote site solution Bretten, Andrew P (Sep 30)
- <Possible follow-ups>
- Re: Re: Remote site solution freeshit (Sep 28)