Solved

stunnel anybody?

Posted on 2004-04-15
Last Modified: 2010-04-11
Hi,
 Just want to find out how difficult it is to use stunnel actually. Need to do up a proposal for some security measures, when I came across stunnel. Am a newbie in this area actually. Just wondering if I need to pick that up, how much time will I need?
And recommendations?
0
Question by:QLJ
 
LVL 6

Accepted Solution

by:
bloemkool1980 earned 500 total points
ID: 10839840
Well, from a regular user's point of view it is very hard to use, as it is not an out-of-the-box solution.
But for a techie familiar with ssh tunneling it would be a piece of cake.
The security is good, meaning that you can encrypt your traffic easily etc... but it has a disadvantage: you cannot see what users are doing in the tunnel. It could be the gate to your network, which will make it uncontrolled for yourself. Your IDS will not see anything except an encrypted connection.
I would rather use SSH and tunnel through ssh if possible, and if not I use openvpn as an encryption gateway.
If you are Unix minded it will take you half a day to pick up Stunnel.
What would you like to do, really?

0
 
LVL 1

Author Comment

by:QLJ
ID: 10855878
Well, what really is the issue is that the company wishes to allow some privileged customers to be able to access some materials online, via our server. However, commercial SSL is not financially viable for us, as we will not be using it as often to maximise its usage.
I had wanted to make use of Windows security to allow login instead, but then it would not be as safe as using encryption, would it? Sadly, I am not Unix minded at all, so I guess it's gonna be a mean task to get ssh going... Will interest make up for this?
Is OpenVPN good for Windows? What do you suggest I do?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10857112
I would suggest OpenVPN as it works well on win2k or later. It is easy to deploy and easy to configure. For ssh you need more configuration to be done if you would like to have a lot of tunnels, whereas OpenVPN tunnels everything.
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866338
Took a look at OpenVPN. Looks slightly friendlier than stunnel. However, I am not quite sure if I get this right... I want to be able to encrypt the login and everything in the https page. Does OpenVPN allow me to do that, rather than tunneling all the info?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866382
If you do HTTPS you do not need stunnel.
HTTPS is encrypted all the way.
0
 
LVL 1

Author Comment

by:QLJ
ID: 10866442
I thought stunnel would enable me to get a certificate for SSL.
Any idea how I can get it to be done with minimal technical assistance? (besides going to a commercial CA)
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10866457
A commercial CA is only needed if you are having commercial activities.
If the HTTPS server is only used by you and people who know you, you can generate your OWN certificate either by using Microsoft CA server or by using openssl.
http://tirian.magd.ox.ac.uk/~nick/openssl-certs/ca.shtml This link explains openssl usage.
0
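The private-CA route suggested in the comment above, as an added example that is not part of the original thread: it creates a CA with the openssl command line, issues a server certificate from it, and checks the chain. The CA name, the host name `materials.example.internal`, the file names and the key sizes and lifetimes are constructed placeholders; it assumes an openssl install with its default configuration file.

```shell
#!/bin/sh
# Added example: private CA + HTTPS server certificate using the openssl CLI.
# "Example Private CA" and all file names are constructed placeholders.

# Usage: make_private_ca_and_cert <dns-name-of-server> <output-dir>
make_private_ca_and_cert() {
    host="$1"
    dir="$2"
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by the owner only

        # 1. CA key and self-signed CA certificate (the trust anchor that
        #    the privileged customers import into their browsers).
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
            -subj "/CN=Example Private CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1

        # 2. Server key and certificate signing request.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=$host" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1

        # 3. Extensions for the server certificate: not a CA, TLS server
        #    use only, and a subjectAltName matching the name clients type.
        printf '%s\n' \
            'basicConstraints=CA:FALSE' \
            'keyUsage=digitalSignature,keyEncipherment' \
            'extendedKeyUsage=serverAuth' \
            "subjectAltName=DNS:$host" > server.ext

        # 4. Sign the request with the CA key.
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile server.ext \
            -out server.crt 2>/dev/null || exit 1
    )
}

# Usage: verify_server_cert <dir-with-server.crt> <ca-certificate-file>
# Succeeds only if server.crt chains to the given CA certificate.
verify_server_cert() {
    openssl verify -CAfile "$2" "$1/server.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is handed to clients; `ca.key` signs every certificate the clients will trust, so it stays off the web server.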
 
LVL 1

Author Comment

by:QLJ
ID: 10866502
Oh, I see... so I'm mistaken... think I get the idea... little by little!
0
