Security Basics
Open VPN worries Sep 18 2013 06:06PM
ToddAndMargo (ToddAndMargo zoho com)
Hi All,

I have several Open VPN servers set up out there that don't require
a password to log into. To handle this, the servers are set up such
that you physically have to call the operator on the phone and have them
start the tunnel. They (or I) kill the tunnel when they log out.
The tunnel is always off after hours.

There are only two client machines (with the keys) that operate
these tunnels. Mine, which is Scientific Linux 6.4 (RHEL 6.4
clone), and its entire hard drive is LUKS encrypted. The other
one is at the customer's home office and is Windows XP.

My concern is that someone could physically break into one of the client
machines, sit down at the computer, log into one of the
servers, and start something mischievous.

It is really not an issue at my home office as we are all "on site
service" with no outside human traffic to our home. A break in
would be a "Hot break in". This being Nevada, the bad guy,
without going into details, would not survive it.

My main concern would be an employee at the customer's home
office sitting down at the boss' computer and getting mischievous.
(The customer has a nice burglar alarm for after hours and
has people living across the street to confront bad guys.)

Am I over worrying things? Would it be better to have the Open VPN
client prompt for a password?

If I am not over worrying it, can clients be made to prompt for
passwords when they connect? Can someone point me to a "How To"
for doing this with both Windows and Linux?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright 2010, SecurityFocus