Home page logo
/

basics logo Security Basics mailing list archives

Re: Openvpn and ssh
From: Baptiste Malguy <baptiste.malguy () solsoft com>
Date: Tue, 17 Jan 2006 10:37:24 +0100

Hello Juan,

Juan B a écrit :
Hi,

Can someone please explain to if open vpn and vpn in
general is more secure then using SSH to conect for
example to my server at home? and if yes why is that?

The concept of VPN and the VPN protocols are two distincts things.

The concept is simply to have a machine or a set of machines virtually
connected to a remote network.

The protocols are implemented. Both (protocols and implementations) can
be good or have very serious lacks and finally be unuseful.

You have many kind of VPN implementations and protocols existing.

To take a bad example, you have the PPTP protocol (initially by
Microsoft) which is known to have some serious lacks, allowing to a
third party to potentially steal the login and password of the VPN
client (I will not discuss the technical aspects here ;-)

To take another very well known example, you have IPSec protocol (stands
for IP Security) with different (sometimes incompatible)
implementations. IPSec has some known lacks that developpers try to fix.
From my point of view, IPsec requires hard work to work properly and be
secured.

Another young but already good example is OpenVPN which is based on TLS
(SSL). It's pretty easy to setup (compared to IPSec) efficient, based on
simple network communications (compared to PPTP and IPSec) allowing
proxy pass-through and NAT traversal with any special stuff on the
routers/firewall/... side.

Choose to use a VPN requires to choose a secured implementation. If you
don't, it's useless.

SSH is a very secure system providing remote shell and TCP port forwarding.

Mmmm I've probably already written too much. Let's try to be quicker.

In your case, if the only thing you want to do is remote shell, SSH is
probably enough. If you also want to be able to connect to some services
on your home computer (VNC, Windows shares, protocols with cleartext
password on the wire, ...) use a VPN is a good idea and OpenVPN is a
good solution.

Regards,

-- 
Baptiste MALGUY - IT Engineer                               SOLSOFT
PGP Fingerprint: 2A90 B6D1 855F 1584 FE68  94AC CCD6 36D0 3DC7 DCB8
www.solsoft.com - phone: +33 1 47 15 04 00 - fax: +33 1 47 15 55 09
                 How secure networks are managed.

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault