[ale] VPN'ing

Bob Toxen bob at verysecurelinux.com
Fri Oct 25 18:44:30 EDT 2002


> Has anyone tried using Linux as a VPN server for Windows clients to
> connect through?

Microsoft's standard IPSec client works just fine with FreeS/WAN, though
I've not done it.  Microsoft's PPTP is considered not secure and should
not be used.

Instead, I put a Linux-based Firewall/VPN/Virus Filter/Spam Filter in
employees' homes and VPN it to the organization's on-site VPN/Firewall/...
box.  By restricting access to the Linux box, a non-security-aware
person is much less likely to defeat the security unintentionally.
This provides excellent results.

There are security concerns with VPNs that people do not always realize.
If your employees' home systems have a direct connections to the Internet
(without the benefit of a good Firewall and Virus Filter) and then have
an unlimited VPN into the organization then you have bypassed the
organization's Firewall and Virus Filter and destroyed its security.
There are many techniques that should be done to ensure that this does
not happen.

> Best regards,
> Matthew Brown, President
> CorData, Inc.
> O: (770) 795-0089
> F: (404) 806-4855
> E: matthew.brown at cordata.net

Best regards,

Bob Toxen, President
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam filters, VPNs,
network monitoring, and Network Security"
bob at verysecurelinux.com (e-mail)
+1 770-662-8321  (Office)

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd ed, Prentice Hall, October 24, 2002, 848 pages

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list