Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

stunnel anybody?

Hi,
 Just want to find out how difficult it is to use stunnel actually. Need to do up a proposal for some security measures, when I came across stunnel. Am a newbie in this area actually. Just wondering if I need to pick tha up, how much time will i need?
And recommendations?
0
QLJ
Asked:
QLJ
  • 4
  • 4
1 Solution
 
bloemkool1980Commented:
Well from a regular user point a view it is very hard to use as it is not out-of-the-box solution.
But for a techie familiar with ssh tunneling it would be a peace of cake.
THe security is good meaning that you can encrypt your traffic easy etc... but it has a disadvantage that you cannot see what users are doing in the tunnel. It could be the gate to your network which will make it uncontrolled for yourself. Your IDS will not see anything except a encrypted connection.
I would rather use SSH and tunnel through ssh if possibel and if not I use openvpn as a encryption gateway.
If you are a unix minded it will take you half a day to pick up Stunnel.
What you like to do really ?

0
 
QLJAuthor Commented:
well, what really is the issue is that the company wishes to allow some privileged customers to be able to access some materials online, via our server. However, commercial SSL is not financially viable for us, as we will not be using it as often to maximise its usage.
I had wanted to make use of Windows security to allow login instead, but then it would not be as safe as using encryption, isn't it? Sadly, I am not Unix minded at all, so i guess it's gonna be a mean task to get ssh going... Will interest make up for this?
Is openVPN good for windows? What do you suggest I do?
0
 
bloemkool1980Commented:
I would suggest OPENVPN as it works well on win2k or later. It is easy to deploy and easy to configure. For ssh you need more configuration to be done if you would like to have a lot of tunnel where OPENVPN tunnels everything.
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
QLJAuthor Commented:
took a look at OPENVPN. looks slightly friendly than stunnel. However, I am not quite sure if I get this right... I want to be able to encrypt the login and everything in https page. Does OPENVPN allow me to do that? rather than tunneling all the info?
0
 
bloemkool1980Commented:
if you do https you do not need stunnel.
HTTPS is encrypted all the way.
0
 
QLJAuthor Commented:
I thgt stunnel will enable me to get a certificate for SSL.
Any idea how I can get it to be done with minimal technical assistance? (besides going to a commercial CA)
0
 
bloemkool1980Commented:
A commercial CA is only needed if you are having commercial activities.
If the HTTPS server is only used by you and people who know you you can generate your OWN certificate either by using Microsoft CA server or by using openssl.
http://tirian.magd.ox.ac.uk/~nick/openssl-certs/ca.shtml this link explains openssl usages
0
 
QLJAuthor Commented:
oh ic.. so I'm mistaken... think I get the idea.. little by little!
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now