Security Basics
Open VPN worries Sep 18 2013 06:06PM
ToddAndMargo (ToddAndMargo zoho com) (2 replies)
Re: Open VPN worries Sep 19 2013 08:42AM
Pui Edylie (email edylie net)
Hi Todd,

I have similar concern before and I have setup OpenVPN to go with 2FA
authentication.

That pretty much take care of the concern :)

Good Luck!

Best,
Edy

On 9/19/2013 2:06 AM, ToddAndMargo wrote:
> Hi All,
>
> I have several Open VPN server set up out there that don't require
> password to log into. To handle this, the servers are set up such
> your physically have to call the operator on the phone and have them
> start the tunnel. They (or I) kill the tunnel when they log out.
> The tunnel is always off after hours.
>
> There are only two client machines (with the keys) that operate
> these tunnels. Mine, which is Scientific Linux 6.4 (RHEL 6.4
> clone), and it entire hard drive in luks encrypted. The other
> one is at the customer's home office and is Windows XP.
>
> My concern is that someone could physically break into one of the
> client machine, sit down at the computer, log into one of the
> servers, and starting something mischievous.
>
> It is really not an issue at my home office as we are all "on site
> service" with no outside human traffic to our home. A break in
> would be a "Hot break in". This being Nevada, the bad guy,
> without going into details, would not survive it.
>
> My main concern would be an employee at the customer's home
> office sitting down at the boss' computer and getting mischievous.
> (The customer has a nice burler alarm for after hours and
> has people living across the street to confront bad guys.)
>
> Am I over worrying things? Would it be better to have the Open VPN
> client prompt for a password?
>
> If I am not over worrying it, can clients be made to prompt for
> passwords when the connect? Can someone point me to a "How To"
> for doing this with both Windows and Linux?
>
> Many thanks,
> -T
>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Open VPN worries Sep 19 2013 07:56AM
Xinyun Zhou (me xyzhou com) (1 replies)
Re: Open VPN worries Sep 19 2013 08:15PM
ToddAndMargo (ToddAndMargo zoho com)


 

Privacy Statement
Copyright 2010, SecurityFocus