
List:       security-basics
Subject:    Re: Open VPN worries
From:       ToddAndMargo <ToddAndMargo () zoho ! com>
Date:       2013-09-19 20:15:21
Message-ID: 523B5B59.4060306 () zoho ! com

On 09/19/2013 12:56 AM, Xinyun Zhou wrote:
> On Wed, 2013-09-18 at 11:06 -0700, ToddAndMargo wrote:
> > you physically have to call the operator on the phone and have them
> > start the tunnel.  They (or I) kill the tunnel when they log out.
> > The tunnel is always off after hours.
> 
> This is a good way if you don't care about the trouble.

Their biggest problem is finding the double red Open VPN GUI
monitors.  It works pretty smoothly.

> > My concern is that someone could physically break into one of the client
> > machines, sit down at the computer, log into one of the
> > servers, and start something mischievous.
> 
> Is there any protection to the computer itself (like login, disk
> encryption)? If not, you can put the key to a USB, which may be a
> really simple solution.

I worry that the boss will lose the stick.  My big worry is that
once the tunnel will be established, the boss will get up and
walk away for whatever reason, and a bad employee will sit down
at his computer and get to no good.  The boss does have a
passworded screen saver (the password is only known by him and me).

> > Am I over worrying things?  Would it be better to have the Open VPN
> > client prompt for a password?
> 
> You can set up OpenVPN so that it will require both key and password, it
> shouldn't be too difficult to set up, few do some Googling and you should
> be able to get it.

Would the password prompt be when starting the server, the client,
or both?

> > If I am not over worrying it, can clients be made to prompt for
> > passwords when they connect?  Can someone point me to a "How To"
> > for doing this with both Windows and Linux?
> 
> Actually I don't think I am fully understanding what your scenario is
> because it sounds really confusing. What role are you and your client?

I am a private contractor.  I provide I.T. services for the customer.
They have five outlying facilities.  Each has a Point of Sale (POS)
(Win XP Pro) computer that retains encrypted credit card
information.  On each POS computer, an Open VPN server resides.

On both my and the boss' computer, reside Open VPN clients.

> where's the OpenVPN server installed?

The outlying facilities

> Who is the phone Operator you mean?

The employee at the outlying facility


> What OS does the server run,

Win XP Pro SP3.  The real one, not the POS version.
The POS software vendor has requested that we stick
with XP for now, as W7 & 8 drive them nuts.

> and what do you need the OpenVPN server for?

Open VPN to run Ultra VNC.  (A lot of the time I will
use Ultra VNC to start Go To Assist Express, as Ultra
VNC has got a lot of "issues".)

For me to do I.T. stuff.  For the boss, to assist with
training, operation, transfer files, assist with
difficult transactions, etc..


> ... Sorry maybe I did get those.

No problem, I sincerely appreciate the help!

-T



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

