Results 1 to 8 of 8

Thread: OpenVPN

  1. #1
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74

    OpenVPN

    Hi,

    Anyone heard of this software? I know its open source but how secure is it? Is there not something else I can use instead?

    I need to make sure that when users make VPN connections into a client network that its secure and there are NO loopholes

    Thanks ...again.


    B
    .....I rather not say....

  2. #2
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Quote Originally Posted by bradlesliect
    Hi,

    Anyone heard of this software? I know its open source but how secure is it? Is there not something else I can use instead?

    I need to make sure that when users make VPN connections into a client network that its secure and there are NO loopholes

    Thanks ...again.


    B
    Notwithstanding that there are no guarantees in life...

    You need to do a risk assesment for your needs.

    What is the nature of the network you are trying to protect.

    Is it a bank, military base or a school club?

    If you need 100% security, should you be allowing any external connections - Remeber, what happens if someone has thier laptop stolen that has the connection software and keys on it.

    I know of corportae users of OpenVPN that make good use of it without incident, but unless you understand your own security needs then this question can't be answered here.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #3
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74
    This is for a financial institution. I have been asked to take a look at the way ppl access the network from both inside and out.

    OpenVPN is the client used to access the co resources from outside. Where the VPN connection is made to I am not sure yet ie. PIX firewall, Router, Windows Server.

    I would like for them to use something more secure other than this if it poses a problem.
    .....I rather not say....

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I really think you should consider securing things on both ends of the VPN and using several layers of securty

    If you want some semblence of security with remote users
    Users should run on limited accounts from machines that are secure, maybe even using a hardware VPN solution...point to point...each user has a vpn router on thier end.

    Guess it depends on budget...how many users and what type of acctivity and transactions they will be doing.

    My brother works for a bank here in canada...I believe he as 4 passwords just to connect...and depending on the transaction...has to enter up at least 7....3 more after connection.......all different.
    They also use a hardware key generator where the main access code changes every 30 seconds or so.

    This was a few years ago....the machine also dialed direct into the bank..not sure what system they use now....but gives you an idea the how complex it can be.

    All comes down to budget and what you are doing.

    Personally....I wouldnt use open source....unless you have the resources to continue to develop and support your OWN version

    just MHO

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    If you are a financial institution and I were in your shoes I would consider getting an external security agency to perfom a security audit on yourselves and then get them to recommend an appropriate solution for your needs.

    You should invite a few companies to come and pitch and ensure senior management are involved in the selection process of the company, as well as the discussions about the security audit and the selection of the appropriate product for your needs,

    If you don't do this and something goes wrong I suspect that you will open your company to a charge of negligence and yourself to disciplinary action.

    Just my 2c

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    How's the VPN protected? Passwords? Certificates? Both? What's being used to setup the VPN? SSL? IPSec? Remember VPN isn't a protocol, it's a topology.

    OpenVPN is quite good. I doubt you'll find something that's more secure.

    On a related note, if you don't know what OpenVPN is then I'm not sure you're the right person to test it's security.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    OPenvpn is a great solution that many many many companies use for a free software solution to vpn needs. It is very secure, encapsulates all protocols, is opensource and runs on broadcom embeded hardware, linux and windows OSs.

    IT is very very easy to setup and there are about 5000 tutorials on how to do it..

    IT will 100% fill the needs of your company. I prefer it to Cisco VPN 3000 hands down nevermind the cost......
    \"Good from a far, but far from good\"

  8. #8
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    Well first of all what OS are you running on the Server that provides internet access?

    What hardware routers do you have in place?

    Are there are firewalls on the OS/hardware?

    Depending on what you have in place already, there might be a facility to allow VPNs through routing and remote access for example on Windows 2003 Server.

Similar Threads

  1. LDAP two factor authentication
    By killerbeesateme in forum *nix Security Discussions
    Replies: 4
    Last Post: April 17th, 2006, 09:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •