On Mon, 25 Jan 2010 19:32:38 +0000, Greg Russell asked:
> We have several users that are "on the road" and require connectivity
> from various sites such as motels, coffeehouses, airports and dialup to
> various ISPs. We'd like to have a secure tunneling connection for these
> users, and we'd like to ask what might be a viable solution that works
> for all these various connection points?
The most secure would, as far as I am aware, be ssh over an openvpn with
TLS authentication session.
Have a look at the introduction and further documentation at
<http://www.openvpn.NET/index.php/open-source.html>
For even more security, you could consider the use of smart cards plus
user PIN as part of the authorization procedure.
<http://michele.pupazzo.ORG/docs/smart-cards-openvpn.html>
One nice aspect of openvpn is that you can set up categories of users,
with different access privileges, if so desired.
QUOTE
The server can enforce client-specific access rights based on embedded
certificate fields, such as the Common Name.
UNQUOTE
And should a laptop machine be lost on the road, even though the system
should be set up requiring a password as well as a certificate on the
laptop, the certificate on the laptop can be revoked at any time.
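
Added example, not part of the original post: server-side OpenVPN settings covering the three points made above (TLS authentication, user categories keyed on the certificate Common Name, and revocation of a lost laptop's certificate). File names, addresses and the Common Name `admin-laptop1` are constructed assumptions.

```conf
# ---- server.conf (constructed example) ----
port 1194
proto udp
dev tun
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Extra HMAC signature on TLS handshake packets; packets without it are
# dropped before any TLS processing. Clients use "tls-auth ta.key 1".
tls-auth ta.key 0

# Default address pool: ordinary road users.
server 10.8.0.0 255.255.255.0
# Second virtual subnet, reserved for a privileged category of users.
route 10.8.1.0 255.255.255.0

# Per-client files in ./ccd are looked up by the certificate's Common Name.
client-config-dir ccd

# Refuse any certificate listed in the CRL (for example a lost laptop's).
# The file is re-read when a client connects or renegotiates, so a newly
# published CRL takes effect without restarting the server.
crl-verify crl.pem

# ---- ccd/admin-laptop1 (file name = that client's Common Name) ----
# Pin this client to a fixed address inside the privileged subnet.
ifconfig-push 10.8.1.1 10.8.1.2

# ---- firewall on the VPN server: access rights follow the source subnet ----
# (10.66.4.0/24 stands in for the office LAN, 10.66.4.4 for its mail server)
# iptables -A FORWARD -i tun0 -s 10.8.0.0/24 -d 10.66.4.4    -j ACCEPT
# iptables -A FORWARD -i tun0 -s 10.8.1.0/24 -d 10.66.4.0/24 -j ACCEPT
# iptables -A FORWARD -i tun0 -j DROP
```

Clients without a file in `ccd` receive an address from the default pool and therefore only the road-user firewall rule applies to them.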