Need VPN Firewall security advice

From: Anthony Ewell (aewell_at_gbis.com)
Date: 08/21/04

    Date: Fri, 20 Aug 2004 19:45:00 -0700
    
    

    Hi All,

         I am about to put a port forward in my IPTABLES
    firewall to allow a remote Windows laptop to
    run a VNC on a desktop inside my firewall.

         The port forward checks the remote end's IP address,
    protocol type, and port before doing the forward.
    The VPN required a password in addition to the key.
    The user is very good about keeping the password
    separate from the laptop, in case it gets stolen.
    (The password is really, really nasty!) To break
    in, a thief would need both the password and the IP
    address of the distant end.

         Question: at this point in my description, do
    you all feel comfortable with what I am planning?

         If so, on to my next question. When the rest
    of the remote users figure out how the above works,
    they will want it too. Problem: the rest of them
    are on dynamic addresses. This would mean that
    I would have to open up the firewall to access
    a great deal of additional IP addresses.

        A thief would only need the password. And those
    annoying port scanners would be able to make contact
    with the desktop's VPN (the password guessing would start
    in earnest). The idea of doing this gives me
    hives! :'(

        Does anyone know of a secure way to handle these
    dynamic IP remote users?

    Many thanks,
    --Tony
    aewell@gbis.com

    -- 
    -------------------------
    I Fish.  Therefore, I am.
    -------------------------
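
The port forward described in the message (source address, protocol and port all checked before forwarding) can be sketched as follows. This is an added example, not part of the original post; the addresses, the interface name `eth0`, port 5900 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added illustration, not from the original post. Emits iptables-restore
# rules for a port forward that matches the remote end's source address,
# protocol and port. Addresses, interface and port are constructed values.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros (octal ambiguity)
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules REMOTE_IP WAN_IF DESKTOP_IP PORT: print the rule set.
forward_rules() {
    remote=$1 wan=$2 desktop=$3 port=$4
    is_ipv4 "$remote" && is_ipv4 "$desktop" || { echo "bad address" >&2; return 1; }
    case $wan in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|0*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
# Rewrite the destination only when source, protocol and port all match.
-A PREROUTING -i $wan -s $remote/32 -p tcp --dport $port -j DNAT --to-destination $desktop:$port
COMMIT
*filter
# Forwarded traffic is dropped unless a rule below accepts it.
:FORWARD DROP [0:0]
-A FORWARD -i $wan -s $remote/32 -d $desktop -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -o $wan -s $desktop -d $remote/32 -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: one fixed remote laptop, one internal desktop.
forward_rules 203.0.113.10 eth0 192.168.1.20 5900
```

Check the output with `iptables-restore --test` and merge it into the existing ruleset; loaded as-is without `--noflush`, it replaces the current nat and filter rules.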
    
