List: security-basics
Subject: Re: Requesting info: VPN solution
From: Michael Gale <michael.gale () bluesuperman ! com>
Date: 2004-03-31 23:28:35
Message-ID: 20040331162835.3a34c95b () roadwarrior ! bluesuperman ! com
Hello,

I guess it all depends on what you need, let's say for example you have
two offices.

One in location A with static IP A.A.A.A and one in location B with
static IP B.B.B.B.

Why go out and spend all kinds of money on VPNs --- they all do mostly
the same thing ... they usually all support the same encryption levels.

Why not use FreeS/WAN or Super FreeS/WAN? You take two average boxes and
install Linux, base install nothing more. Really all you need is a
running kernel, you could easily use a bootable CD.

Anyways base install and build Super FreeS/WAN ... on VPN box at
location A we allow only UDP port 500 traffic and IP protocol 50 from IP
B.B.B.B only .. all other traffic is dropped. We do the same on box B at
location B, allowing only UDP port 500 and IP protocol 50 from IP
A.A.A.A.

You then only allow AES-256 with SHA-1-256 bit encryption using RSA
keys.

Once configured there is NO maintenance at all required. I am using a
similar solution and since the initial install I never have had to
touch the boxes.

All this cost me about $1500 because I had to buy two boxes at $700 a
piece.

Michael.
On 30 Mar 2004 18:30:14 -0000
Nicholas Diotte <xphox@xphox.net> wrote:
>
>
> Good afternoon list,
>
> Yet again, it's time for me to pick your brain... I've been asked to
> develop a VPN solution that will require little to no maintenance.
>
> Project Goal: Connect two computers, on two public networks, to secure
> data transfers between the two. Ex: Offsite backup.
>
> If anyone can recommend any hardware solutions that would establish a
> secure connection... I was looking into Cisco 1712 series...
>
> The sky is the limit on this one, and I've been given a fairly
> reasonable budget...
>
> I've never setup anything like this before, so I'm open to any, and
> all suggestions...
>
> Thank you,
> Nick Diotte
>
> ---------------------------------------------------------------------
> ------ Ethical Hacking at the InfoSec Institute. Mention this ad and
> get $545 off any course! All of our class sizes are guaranteed to be
> 10 students or less to facilitate one-on-one interaction with one of
> our expert instructors. Attend a course taught by an expert instructor
> with years of in-the-field pen testing experience in our state of the
> art hacking lab. Master the skills of an Ethical Hacker to better
> assess the security of your organization. Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ---------------------------------------------------------------------
> -------
>
--
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!
Michael Gale
Slackware user :)
Bluesuperman.com
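
The inbound filter described in the reply above, as an added example that is not part of the original message and is not the poster's actual configuration: it prints the iptables commands for one VPN box so they can be reviewed before being applied. The function names, the default interface eth0, the loopback rule and the 192.0.2.2 sample peer are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the INPUT rules for one VPN box.
# The peer is the other office's static IP (A.A.A.A or B.B.B.B in the post).
# valid_ipv4, gen_rules and the eth0 default are hypothetical names/values.

valid_ipv4() {
    # Digits and dots only, no empty octets.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

gen_rules() {
    peer=$1; wan=${2:-eth0}
    # The output is meant to be run by a shell, so reject anything that
    # is not a plain address or a plain interface name.
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    case "$wan" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $wan -s $peer -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan -s $peer -p 50 -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Stand-alone use: ./vpn-rules.sh 192.0.2.2 [interface]
if [ $# -gt 0 ]; then gen_rules "$@"; fi
```

UDP port 500 carries the IKE key exchange and IP protocol 50 is ESP, so these two rules are the whole inbound surface of the box; forwarding of decrypted traffic to the LAN is not covered here.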