OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: (no subject)
From: Nikola Krgovic (nikolakCODELT.COM)
Date: Sun Nov 26 2000 - 05:40:39 CST

Marnix Petrarca wrote:

> Hi,
>
> I need to set up a machine for dial-in from another location, so I can acces my network remotely and hopefully securely. I need it to be Redhat Linux 7, and I will use PCI-based ISDN cards on this machine. I will be calling into the Redhat with a Win2k box, also via one or more ISDN lines. I use EuroDSS1.
>
> I have seen many PCI ISDN cards for Linux like www.traverse.com, but I need the machine to do callback on me and possibly encrypt the line like Magistrate VPN or something. It has to do Multi-Link or better, like the one from traverse.
>
> If anybody know Does anybody know from experience - no factsheets! if he/she knows of a good working ISDN/VPN bundle for RH Linux that will work?? Lowcost?
>
> Thanks, bye -- MarnixDaemonLabs.com, The Netherlands.

 Well I had some experience, using RH 6.2, and I see no reason why it shouldn't work on 7.

 As for hardware I strongly recomend ELSA Microlink ISDN. Works like a charm, and it gives you a normal access as if it were a modem. And it's realy inexpencive!

 If you want callback my recomendation is simple: do it yourselfe. All you have to do is to make a user wich you will be using for this (preferably you should make it the only user who can dial-in, use pam) and make a special shell for this user. In that shell you can easily make it to hang up and do
callback, wheather of the numer that dialed, or, wich is easier AND safer, of a pre-given, hardcoded number.

 As for security and encription, hm, in the words of ESR (not an exact quote): if you are trying to make
a secure windows machine: give up. But here's a few hint's: Get ssh for windows, you can use it for
allmost all maintenance and it's very secure. If you need ftp use scp (a secure equivalent to rcp, you
can get it in ssh package). If you need mail set up your mail server to enable encription. Same goes for apache.

 Of course if you can use Linux it's easy: just make an ssh tunnel: see man ssh, option -L ! I never tried,
but this may just work even on Windows! It's not VPN, it's a ssh encripted channel between a port on a
client and a port on a server, throough which you can use anything. Not that there is much difference,
though, but it is encripted, ity is very secure, and it is the encription you can trust.

 And if you do get this to work on Win2k: a) do let us know ;)))) b) do compile the ssh yourselfe. That's the only way to know that it is realy secure.

 cu,
 nk.