Home page logo
/

basics logo Security Basics mailing list archives

Re: Requesting info: VPN solution
From: Nicholas Diotte <xphox () xphox net>
Date: 1 Apr 2004 18:59:07 -0000

In-Reply-To: <20040331162835.3a34c95b () roadwarrior bluesuperman com>

Michael,

I would have to agree with you on this one.  I would have gone with a similer setup, however the company I work for is 
basically anti-linux, and requires the presence of big names.

Yes, each end will have a static IP.  One will be on cable, the other on DSL.

As confident as I am about securing a linux box, I don't quite know if I would put my name on this project, as this is 
for a financial institution...  Last thing I want is someone to get into the machine, because of something that I 
didn't update.  It needs to almost be set it, and forget it.  I understand it's nearly impossible these days, however 
that is what I'm looking for...

Thanks,
Nick


Hello,

      I guess it all depends on what you need, lets say for example you have
two offices. 

One in location A with static IP A.A.A.A and one in location B with
static IP B.B.B.B. 

Why go out and spend all kinds of money on VPN's --- they all do mostly
the same thing ... they usually all support the same encryption levels.

Why not use FreeS/Wan or SuperFreeS/Wan ? You take two average boxes and
install linux, base install nothing more. Really all you need is a
running kernel, you could easily use a bootable CD. 

Anyways base install and build Super FreeS/wan ... on VPN box at
location A we allow only UDP port 500 traffic and IP protocol 50 from IP
B.B.B.B only .. all other traffic is dropped. We do the same on box B at
location B, allowing only UDP port 500 and IP protocol 50 from IP
A.A.A.A.

You use then only allow AES-256 with SHA-1-256 bit encryption using RSA
keys.

Once configured their is NO maintenance at all required. I am using a
similar solution and since the initial install I never have had to
touch the boxes.

All this cost me about $1500 because I had to buy two boxes at $700 a
piece.


Michael.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]