Solved

VPN / Security

Posted on 2015-01-17
Last Modified: 2015-01-28
Hi

I am trying to secure a small network with a few servers.  I want to set up a VPN for remote access, something open source, and also ensure access is only allowed from certain locations.  I do not want to use IP security as some of the remote sites will have dynamic IPs.  Does anyone have any ideas?

thanks
0
Question by:Jack_son_
11 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 333 total points
Best to get Static IP (External) if you can. Otherwise use DynDNS to fake a static IP.

Then put in a VPN router and provide access only to the users you wish. This will be secure.
0
 

Author Comment

by:Jack_son_
Great, some of the remote people will have dynamic IPs, so DynDNS will work for that?
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 333 total points
If the remote people have dynamic IP addresses and use a Client Application to access the VPN, it should work fine. I have done that a while back.
0
 

Author Comment

by:Jack_son_
The only issue is I want to only allow about 7 users' IP addresses from specific locations.   How could this be managed easily?
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 333 total points
Restricting to 7 users is very easy. They need user names and a shared secret to access. Adding all the possible IP locations would be a nightmare. You would need a policy for every possible IP. Since the users can move around (that IS the point of client software), they would have to tell you where they are.

User name and shared secret should work just fine.
0

 
LVL 37

Expert Comment

by:Bing CISM / CISSP
May I know the available platform for building the VPN solution? Windows? Linux? OS X? Or simply hardware based using your existing router?
0
 

Author Comment

by:Jack_son_
Windows or Linux would be the available platform.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 83 total points
Regarding VPN solutions not based on IPsec, for Windows platforms from NT4 to today's 2012 they all support PPTP-based VPN, though the recent versions are much better in terms of performance, reliability, security and management capability. The best points are that the solution is built in and free of charge, and has been proven workable in dynamic IP scenarios.

For Linux, PPTP VPN servers are also available in most distributions. Check your version's release notes and manuals for more information.
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 333 total points
It is easiest just to use a hardware VPN box for the office solution and let people remote in. I do this all the time.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 84 total points
Is user/certificate sufficient for security in your case? Guess so, as you do not gain security by restricting public and dynamic IP addresses.
IPsec works with dynamic IPs, btw.  Only site-2-site tunnels are restricted in that regard.
0
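An added illustration of the per-user certificate approach discussed in this thread; it is not part of any participant's post. It assumes OpenVPN as the open-source server (the thread names no specific product), and every path, subnet and user name below is a placeholder.

```conf
# server.conf: added example, not from the thread.
# All paths, subnets and user names are assumed placeholders.
port 1194
proto udp
dev tun

# PKI: each of the 7 remote users gets an individual certificate from this CA
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/server.crt
key  /etc/openvpn/pki/server.key
dh   /etc/openvpn/pki/dh.pem

# Drop packets that lack the pre-shared HMAC signature before any TLS work
tls-auth /etc/openvpn/pki/ta.key 0

# Refuse certificates that have been revoked (lost laptop, departed user)
crl-verify /etc/openvpn/pki/crl.pem

# Accept only certificates issued for client use
remote-cert-tls client

server 10.8.0.0 255.255.255.0
topology subnet

# Allowlist by identity instead of source IP: a client is admitted only if
# a file named after its certificate CN exists in this directory, e.g.
#   /etc/openvpn/ccd/user1 ... /etc/openvpn/ccd/user7   (empty files suffice)
client-config-dir /etc/openvpn/ccd
ccd-exclusive

# Expose only the server subnet to VPN users (assumed 192.168.10.0/24)
push "route 192.168.10.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
```

With this layout a user's access is removed by revoking the certificate and deleting the matching file in `ccd/`, regardless of which dynamic IP the user connects from.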
 
LVL 90

Expert Comment

by:John Hurst
@Jack_son_  - Thanks and I was happy to help you with this.
0
