Home page logo
/

basics logo Security Basics mailing list archives

Re: Requesting info: VPN solution
From: Michael Gale <michael.gale () bluesuperman com>
Date: Wed, 31 Mar 2004 16:28:35 -0700

Hello,

        I guess it all depends on what you need, lets say for example you have
two offices. 

One in location A with static IP A.A.A.A and one in location B with
static IP B.B.B.B. 

Why go out and spend all kinds of money on VPN's --- they all do mostly
the same thing ... they usually all support the same encryption levels.

Why not use FreeS/Wan or SuperFreeS/Wan ? You take two average boxes and
install linux, base install nothing more. Really all you need is a
running kernel, you could easily use a bootable CD. 

Anyways base install and build Super FreeS/wan ... on VPN box at
location A we allow only UDP port 500 traffic and IP protocol 50 from IP
B.B.B.B only .. all other traffic is dropped. We do the same on box B at
location B, allowing only UDP port 500 and IP protocol 50 from IP
A.A.A.A.

You use then only allow AES-256 with SHA-1-256 bit encryption using RSA
keys.

Once configured their is NO maintenance at all required. I am using a
similar solution and since the initial install I never have had to
touch the boxes.

All this cost me about $1500 because I had to buy two boxes at $700 a
piece.


Michael.

On 30 Mar 2004 18:30:14 -0000
Nicholas Diotte <xphox () xphox net> wrote:



Good afternoon list,

Yet again, it's time for me to pick your brain...  I've been asked to
develop a VPN solution that will require little to no maintenance.

Project Goal: Connect two computers, on two public networks, to secure
data transfers between the two.  Ex: Offsite backup.

If anyone can recommend any hardware solutions that would establish a
secure connection...  I was looking into Cisco 1712 series...

The sky is the limit on this one, and I've been given a fairly
reasonable budget...

I've never setup anything like this before, so I'm open to any, and
all suggestions...

Thank you,
Nick Diotte

---------------------------------------------------------------------
------ Ethical Hacking at the InfoSec Institute. Mention this ad and
get $545 off any course! All of our class sizes are guaranteed to be
10 students or less to facilitate one-on-one interaction with one of
our expert instructors. Attend a course taught by an expert instructor
with years of in-the-field pen testing experience in our state of the
art hacking lab. Master the skills of an Ethical Hacker to better
assess the security of your organization. Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
---------------------------------------------------------------------
-------



-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]