Security Basics mailing list archives

Re: Remote site solution


From: Nick Owen <nowen () wikidsystems com>
Date: Wed, 29 Sep 2010 09:19:29 -0400

On Mon, Sep 27, 2010 at 4:13 AM, Monah Baki <mbaki () aljolit com> wrote:
> Hi All,
>
> Currently we are trying to come up with a solution for our
> environment. We have around 50 remote sites that have a home DSL
> (Dynamic IP). At HQ, we have a web server that whoever needs to access
> it (via web), must physically be at the remote site. He/she cannot
> access the server from anywhere else.
> Unfortunately, buying a business class DSL, with a static IP address
> where I am costs more than $300 a month.
> We have a Juniper SRX 240 at HQ that we can use to set up IPSEC, but to
> keep my cost low, what hardware will suffice for the remote sites?
>
> I was thinking of setting up an IPS inline and drop all http requests by
> mac addresses not belonging to the ones that we have in the remote
> sites, but then they mentioned if the remote sites are going through
> the ISP proxy, this will not work.
>
> If it cannot be done only with the business class DSL, so be it.

I don't see how using an IP address or mac address is secure.  Both
are easily spoofed. It seems like the tail is wagging the dog here.

What you should do is require remote users to use two-factor
authentication to get a LAN address or require two-factor auth on the
web page. With Apache, you might be able to do a redirect based on the
IP address (something like RewriteCond %{REMOTE_ADDR} ^72\.4\.4\.112$)
and redirect external users to a virtual host that requires a stronger
auth mechanism as documented here:
http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-apache

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
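
The redirect described in the reply above could look like the following Apache 2.4 configuration. This is an added example, not part of the original post or the linked how-to. The host names, file paths and the `file` auth provider are assumptions; the provider stands in for whichever two-factor module is actually deployed.

```apache
# Constructed example. 72.4.4.112 is the address quoted in the post;
# app.example.com / auth.example.com and all paths are placeholders.

# Front door: only the known address is served here without a login.
<VirtualHost *:443>
    ServerName app.example.com
    DocumentRoot /var/www/app
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    RewriteEngine On
    # Note the "!": every client that is NOT the known address is redirected.
    # REMOTE_ADDR is the TCP peer, so clients behind an ISP proxy all show
    # up as the proxy's address and can never match this condition.
    RewriteCond %{REMOTE_ADDR} !^72\.4\.4\.112$
    RewriteRule ^/?(.*)$ https://auth.example.com/$1 [R=302,L]
</VirtualHost>

# Strong-auth host: same content, but every request must authenticate.
<VirtualHost *:443>
    ServerName auth.example.com
    DocumentRoot /var/www/app
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/auth.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/auth.example.com.key

    <Location "/">
        AuthType Basic
        AuthName "Remote access"
        # Assumption: "file" is a stand-in. Replace it with the provider of
        # the two-factor module in use (see the how-to linked in the post).
        AuthBasicProvider file
        AuthUserFile /etc/apache2/remote-users.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

With dynamic-IP remote sites, the address match only covers a fixed, known network such as HQ; every remote user lands on the authenticated host, which is where the access decision is made.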
