Re: question on
Where is the VPN in the diagram? If you run a VPN on your internal
network then you are in good shape: simply require all access to obsd-gw
to use the VPN. This is pretty good.
You can also require WEP to make it a bit more difficult to connect to
your wireless network. This is not very good, but it helps a bit.
You can also configure your wireless access point to deny clients which
have unknown MAC addresses.
You can also configure your obsd-gw to deny internal packets from
unknown IP addresses [then you should use static IP addresses on your
Note that your weakest machine is your weakest link, so if you run an
unpatched Windows machine with "share C$ to all with no password" then
your IPSEC / VPN would be useless against a "copy and paste" attack of
your private key.
If you don't use a VPN internally you can still use the rest of the
Hope this helps,
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf
Sent: Tuesday, March 05, 2002 05:54
Subject: question on
For the past couple of days, I spent most of the time studying the setup of
VPN, X509... for the infrastructure (LAN). However, I have one question
in my mind that confuses me very much. Let me present it with the
internet <--> openbsd-gw <--> internal LAN (wireless / wired)
The question is: how can the sys admin keep an illegal user on the
internal LAN from using the facilities of the openbsd-gw? He may
know the IP of the openbsd-gw and the DNS server. For example, he/she may use
a laptop with a wireless LAN and set up all the necessary settings to use the
facilities of the GW. How can the sys admin control it? If it is a stupid
question, please forgive me. Thanks.
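
The two gateway-side measures suggested in the reply (require the VPN for all access to obsd-gw, and drop internal packets from unknown IP addresses), sketched as a pf.conf ruleset. This is an added example, not part of the original thread. The interface name, addresses and host list are assumptions; it uses current pf syntax and assumes IPsec inner traffic keeps each host's static address.

```pf
# Added example (not from the thread). Assumed values: em1 is the
# internal interface, 192.168.1.1 is obsd-gw's internal address, and
# the hosts below are the statically addressed machines you know about.
int_if = "em1"
gw_int = "192.168.1.1"

# Allowlist of known internal hosts (static IP addresses, no DHCP pool).
table <known_hosts> const { 192.168.1.10, 192.168.1.11, 192.168.1.12 }

set skip on lo

# Default deny; log drops so attempts from unknown hosts are visible
# (read them with: tcpdump -n -e -ttt -i pflog0).
block log all

# On the internal interface, known hosts may only negotiate and carry
# IPsec to the gateway: IKE (udp 500), NAT-T (udp 4500) and ESP.
pass in on $int_if inet proto udp from <known_hosts> to $gw_int port { 500, 4500 }
pass in on $int_if inet proto esp from <known_hosts> to $gw_int

# Decapsulated VPN traffic appears on enc0. Only traffic that arrived
# through the VPN, from a known host, is accepted or forwarded.
pass in on enc0 inet from <known_hosts> to any

# Traffic leaving the gateway was already filtered on the way in.
# NAT toward the internet is left out of this sketch.
pass out all
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.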