Solved

stunnel anybody?

Posted on 2004-04-15
8
320 Views
Last Modified: 2010-04-11
Hi,
 Just want to find out how difficult it is to use stunnel actually. Need to do up a proposal for some security measures, when I came across stunnel. Am a newbie in this area actually. Just wondering if I need to pick tha up, how much time will i need?
And recommendations?
0
Comment
Question by:QLJ
  • 4
  • 4
8 Comments
 
LVL 6

Accepted Solution

by:
bloemkool1980 earned 500 total points
ID: 10839840
Well from a regular user point a view it is very hard to use as it is not out-of-the-box solution.
But for a techie familiar with ssh tunneling it would be a peace of cake.
THe security is good meaning that you can encrypt your traffic easy etc... but it has a disadvantage that you cannot see what users are doing in the tunnel. It could be the gate to your network which will make it uncontrolled for yourself. Your IDS will not see anything except a encrypted connection.
I would rather use SSH and tunnel through ssh if possibel and if not I use openvpn as a encryption gateway.
If you are a unix minded it will take you half a day to pick up Stunnel.
What you like to do really ?

0
 
LVL 1

Author Comment

by:QLJ
ID: 10855878
well, what really is the issue is that the company wishes to allow some privileged customers to be able to access some materials online, via our server. However, commercial SSL is not financially viable for us, as we will not be using it as often to maximise its usage.
I had wanted to make use of Windows security to allow login instead, but then it would not be as safe as using encryption, isn't it? Sadly, I am not Unix minded at all, so i guess it's gonna be a mean task to get ssh going... Will interest make up for this?
Is openVPN good for windows? What do you suggest I do?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10857112
I would suggest OPENVPN as it works well on win2k or later. It is easy to deploy and easy to configure. For ssh you need more configuration to be done if you would like to have a lot of tunnel where OPENVPN tunnels everything.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Author Comment

by:QLJ
ID: 10866338
took a look at OPENVPN. looks slightly friendly than stunnel. However, I am not quite sure if I get this right... I want to be able to encrypt the login and everything in https page. Does OPENVPN allow me to do that? rather than tunneling all the info?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866382
if you do https you do not need stunnel.
HTTPS is encrypted all the way.
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866442
I thgt stunnel will enable me to get a certificate for SSL.
Any idea how I can get it to be done with minimal technical assistance? (besides going to a commercial CA)
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866457
A commercial CA is only needed if you are having commercial activities.
If the HTTPS server is only used by you and people who know you you can generate your OWN certificate either by using Microsoft CA server or by using openssl.
http://tirian.magd.ox.ac.uk/~nick/openssl-certs/ca.shtml this link explains openssl usages
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866502
oh ic.. so I'm mistaken... think I get the idea.. little by little!
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question