Dominig Posts

4. Security matters

Monday, 26 June 2006 14:48 Dominig

Security Icon SSL versus IPSEC is a common discussion topic.

A sad reality shows that most of attacks come from inside any organisation while most of protection effort is done on the outside. A good practice consists to force the use of transparent proxy for all outgoing traffic beside of ssl and to block any incoming traffic and port redirect the absolute minimum (HTTP, HTTPS, SSL, SMTP, NTP, OpenVPN).

1. LAN interconnection over DSL

Monday, 26 June 2006 12:55 Dominig

Interconnect Icon Many of us would like to interconnect LANs over DSL links, unfortunately the difficulties of managing all the complexity of the solution (DSL, Firewall, NAT, DNS, PKI, routing, ...) has stopped more than one of us.

We do not intend to replace the very valuable documentation available on the Net, but more to drive you through a few practical use cases. The proposed solution uses OpenVPN which runs on most OS available on the market and with regular low cost DSL or cable network connections.

Our study does not cover all the possible use cases but presents the advantage of actually working between a few sites of fridu.org members located in different countries.

VPN based on SSL (as OpenVPN) can present, like any network topology, security weaknesses. At fridu.org we prefer PKI structure in lieu of shared secret. We assume that keys and certificat can be distributed in a reasonably safe manner. The proposed method has been optimised to limit the cost to zero Euros while keeping the security level to a decent level.

1. Asterisk SIP Dual firewalls

Monday, 26 June 2006 12:55 Dominig

Many of us would like to enjoy a remote SIP phone to connect on our Asterisk PBX server from a remote location. Unfortunatly connecting SIP phones over firewall is not an obvious task.

www.fridu.net

4. Security matters

1. LAN interconnection over DSL

1. Asterisk SIP Dual firewalls

Main Menu

Menu-Dominig