What is the best/simplest option to use?

I have roadwarriors who need to connect to data available in the network on samba-shares. They run Win XP on laptops. What is the best way security-wise to achieve that, and also what is the simplest in respect to installing new software (preferably not) or use other settings for the warriors' PCs?

--
L. de Braal
BraHa Systems
NL Terneuzen
T +31 115 649333
F +31 115 649444

Leen de Braal wrote:
> What is the best/simplest option to use?
> I have roadwarriors who need to connect to data available in the network on samba-shares. They run Win XP on laptops. What is the best way security-wise to achieve that, and also what is the simplest in respect to installing new software (preferably not) or use other settings for the warriors' PCs?

As I understand it, PPTP isn't very secure. You could use OpenVPN, which also has a Windows version.
On Friday 11 March 2005 10:07 am, Leen de Braal wrote:
> What is the best/simplest option to use?
> I have roadwarriors who need to connect to data available in the network on samba-shares. They run Win XP on laptops. What is the best way security-wise to achieve that, and also what is the simplest in respect to installing new software (preferably not) or use other settings for the warriors' PCs?

I'm using PPTP for some of our remote users, but that's because I have Win 98 clients to support and '98 doesn't support ipsec. I'm actually using poptop on a SnapGear firewall, though I'm planning to start moving to ipsec on the 2K clients. As was said earlier, pptp is not as secure of a vpn solution as others. SnapGear, AKA Cyberguard, makes some nifty stuff:

http://www.cyberguard.com/products/firewall/SG_Family/SG550.html?lang=de_EN

Not that you necessarily want to buy a new firewall device, but it's Linux-based, allows direct iptables rule setting (or the use of a nifty wizard), etc, etc - and makes setting up pptp/ipsec servers relatively easy. I really like the one that handles most of my employer's traffic (a 550, as above), largely because the little embedded device boots way faster than the PC-based firewall (and VPN server) I was using before, and because this device will run for a *lot* longer on the UPS than the PC.

Anyway, the simplest option is probably pptp. The best option from a security point of view, however, is not pptp. There was an article in last month's Linux Journal about different VPN solutions. If you're using an existing machine, you probably want OpenS/WAN. http://www.openswan.org/

--Danny

Danny Sauer wrote:
> On Friday 11 March 2005 10:07 am, Leen de Braal wrote:
>> What is the best/simplest option to use?
>> I have roadwarriors who need to connect to data available in the network on samba-shares. They run Win XP on laptops. What is the best way security-wise to achieve that, and also what is the simplest in respect to installing new software (preferably not) or use other settings for the warriors' PCs?
> I'm using PPTP for some of our remote users, but that's because I have Win 98 clients to support and '98 doesn't support ipsec. I'm actually using poptop on a SnapGear firewall, though I'm planning to start moving to ipsec on the 2K clients. As was said earlier, pptp is not as secure of a vpn solution as others. SnapGear, AKA Cyberguard, makes some nifty stuff:
> http://www.cyberguard.com/products/firewall/SG_Family/SG550.html?lang=de_EN
> Not that you necessarily want to buy a new firewall device, but it's Linux-based, allows direct iptables rule setting (or the use of a nifty wizard), etc, etc - and makes setting up pptp/ipsec servers relatively easy. I really like the one that handles most of my employer's traffic (a 550, as above), largely because the little embedded device boots way faster than the PC-based firewall (and VPN server) I was using before, and because this device will run for a *lot* longer on the UPS than the PC.
> Anyway, the simplest option is probably pptp. The best option from a security point of view, however, is not pptp. There was an article in last month's Linux Journal about different VPN solutions. If you're using an existing machine, you probably want OpenS/WAN. http://www.openswan.org/
> --Danny

Also recommended for consideration is Astaro Secure Linux (ASL). I previously used BBIagent, but for some reason it stopped talking to my cable modem while it still works for another guy with the same sort of setup - cable modem --> firewall --> SuSE 9.2 and Windows 2000 in his case and in my case 5 linux boxes and SPARC Solaris 10, I switched to ASL (www.astaro.com), version 5.200 is the latest and as a firewall it is outstanding, heavily chrooted so you can't even use the floppy or copy stuff on to the hard drive, includes VPN, Intrusion detection/blocking, Virus and SPAM filtering, content filtering, remote management via a browser, etc. In addition to the software, they now market a standalone device.

Regards
Sid.

--
Sid Boyce .... Large Computer Systems Specialist - Retired
Hamradio Callsign G3VBV and Keen Private Pilot
Aeroplanes, Linux, Computers and Cricket my major passions
===== LINUX USED HERE, A Microsoft-free Computing Environment ====

Sid Boyce wrote:
> Danny Sauer wrote:
>> On Friday 11 March 2005 10:07 am, Leen de Braal wrote:
>>> What is the best/simplest option to use?
>>> I have roadwarriors who need to connect to data available in the network on samba-shares. They run Win XP on laptops. What is the best way security-wise to achieve that, and also what is the simplest in respect to installing new software (preferably not) or use other settings for the warriors' PCs?
>> I'm using PPTP for some of our remote users, but that's because I have Win 98 clients to support and '98 doesn't support ipsec. I'm actually using poptop on a SnapGear firewall, though I'm planning to start moving to ipsec on the 2K clients. As was said earlier, pptp is not as secure of a vpn solution as others. SnapGear, AKA Cyberguard, makes some nifty stuff:
STUFF DELETED
> Also recommended for consideration is Astaro Secure Linux (ASL). I previously used BBIagent, but for some reason it stopped talking to my cable modem while it still works for another guy with the same sort of setup - cable modem --> firewall --> SuSE 9.2 and Windows 2000 in his case and in my case 5 linux boxes and SPARC Solaris 10, I switched to ASL (www.astaro.com), version 5.200 is the latest and as a firewall it is outstanding, heavily chrooted so you can't even use the floppy or copy stuff on to the hard drive, includes VPN, Intrusion detection/blocking, Virus and SPAM filtering, content filtering, remote management via a browser, etc. In addition to the software, they now market a standalone device.
> Regards
> Sid.

http://www.linuxplanet.com/linuxplanet/newss/5780/1/
Linux Specialist Astaro Claims First Anti-Spyware Firewall.

The article says it's built on top of a hardened edition of Novell's SUSE Linux Enterprise Server (SLES). I thought it was their own rolled version of Linux, that's after watching it for about 5 years or longer (used it for a short spell back then when it only supported dial-up) and using it in anger for at least 6 months.

Regards
Sid.

--
Sid Boyce .... Large Computer Systems Specialist - Retired
Hamradio Callsign G3VBV and Keen Private Pilot
Aeroplanes, Linux, Computers and Cricket my major passions
===== LINUX USED HERE, A Microsoft-free Computing Environment ====

participants (4)
- Danny Sauer
- James Knott
- Leen de Braal
- Sid Boyce