Solved

stunnel anybody?

Posted on 2004-04-15
8
324 Views
Last Modified: 2010-04-11
Hi,
 Just want to find out how difficult it is to use stunnel actually. Need to do up a proposal for some security measures, when I came across stunnel. Am a newbie in this area actually. Just wondering if I need to pick tha up, how much time will i need?
And recommendations?
0
Comment
Question by:QLJ
  • 4
  • 4
8 Comments
 
LVL 6

Accepted Solution

by:
bloemkool1980 earned 500 total points
ID: 10839840
Well from a regular user point a view it is very hard to use as it is not out-of-the-box solution.
But for a techie familiar with ssh tunneling it would be a peace of cake.
THe security is good meaning that you can encrypt your traffic easy etc... but it has a disadvantage that you cannot see what users are doing in the tunnel. It could be the gate to your network which will make it uncontrolled for yourself. Your IDS will not see anything except a encrypted connection.
I would rather use SSH and tunnel through ssh if possibel and if not I use openvpn as a encryption gateway.
If you are a unix minded it will take you half a day to pick up Stunnel.
What you like to do really ?

0
 
LVL 1

Author Comment

by:QLJ
ID: 10855878
well, what really is the issue is that the company wishes to allow some privileged customers to be able to access some materials online, via our server. However, commercial SSL is not financially viable for us, as we will not be using it as often to maximise its usage.
I had wanted to make use of Windows security to allow login instead, but then it would not be as safe as using encryption, isn't it? Sadly, I am not Unix minded at all, so i guess it's gonna be a mean task to get ssh going... Will interest make up for this?
Is openVPN good for windows? What do you suggest I do?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10857112
I would suggest OPENVPN as it works well on win2k or later. It is easy to deploy and easy to configure. For ssh you need more configuration to be done if you would like to have a lot of tunnel where OPENVPN tunnels everything.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 1

Author Comment

by:QLJ
ID: 10866338
took a look at OPENVPN. looks slightly friendly than stunnel. However, I am not quite sure if I get this right... I want to be able to encrypt the login and everything in https page. Does OPENVPN allow me to do that? rather than tunneling all the info?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866382
if you do https you do not need stunnel.
HTTPS is encrypted all the way.
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866442
I thgt stunnel will enable me to get a certificate for SSL.
Any idea how I can get it to be done with minimal technical assistance? (besides going to a commercial CA)
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866457
A commercial CA is only needed if you are having commercial activities.
If the HTTPS server is only used by you and people who know you you can generate your OWN certificate either by using Microsoft CA server or by using openssl.
http://tirian.magd.ox.ac.uk/~nick/openssl-certs/ca.shtml this link explains openssl usages
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866502
oh ic.. so I'm mistaken... think I get the idea.. little by little!
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website and email setup 4 59
non-domain members are not prompted for credentials 18 70
Guest Wireless in a Business Environment 6 121
802.1X auth setup and configuration 3 35
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question