Monday, April 09, 2007

Improving Security - Or "What To Do With Unused Computers?"

With the planned installation of public wireless hotspots, there is the potential for opening up our local LANs to a host of security problems. Though the computers themselves have their own firewalls, are regularly patched and have other safeguards, you want to keep them invisible and inaccessible to the public (and the Internet). Toward that end, I'm planning on beefing up network security by building VPNs -- Virtual Private Networks -- to bridge together our networks and keep certain applications accessible to us, but inaccessible to the public.

Basically, I'd need a computer with a pair of network cards that'll handle traffic and create "tunnels." In a "tunnel," pieces of information (packets) are encrypted at one end, sent over an insecure medium (the Internet), decrypted at the other end and sent on to the receiving computer. In other words, a very powerful and flexible Internet router.

This is very handy when you have certain applications that you'd want to access remotely (like VNC and Printer Administration) but want kept secure. Though you can buy commercial appliances, they can get expensive and use closed-source software, making changes and upgrades potentially problematic and expensive. On the other hand, I could build them in-house using open-source software and off-the-shelf hardware to keep costs low.

Currently, I have three older Pentium 4 PCs just lying around that can be pressed into service as either a Staff, PAC (Public Access Computer) or server machine.

Since they are just lying around, I've decided to take two of these Pentium 4s and build them up as prototype VPN/firewall servers. They are Dell Dimension 8100 desktop PCs with 1.8GHz Pentium 4 processors, 256MB of RAM, 20GB hard disks and on-board NICs. They're running Ubuntu Server Edition 6.10, with no GUI (Graphical User Interface) or other extraneous software, plus OpenVPN, iptables, Shorewall and OpenSSH.

The "production" units will be smaller, rack-mountable, use a Mini-ITX motherboard with a low-power processor, boot their operating system off a flash memory card, and have no moving parts. The connections will be site-to-site, with the headquarters unit being a bit more powerful to accommodate the other branches.
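
The site-to-site layout described above, as an added OpenVPN configuration example (not the configuration running on these machines): certificate-based TLS mode with the headquarters unit as server and one branch as client. The subnets, file paths and file names, the host name `vpn.example.org` and the branch name `branch1` are assumptions.

```conf
# ---- /etc/openvpn/server.conf on the headquarters unit (path assumed) ----
port 1194
proto udp
dev tun
# One key pair per branch, so a lost or retired box can be revoked
# (crl-verify) without rekeying every other site.
ca ca.crt
cert hq.crt
key hq.key
dh dh2048.pem
crl-verify crl.pem
# Shared HMAC key: packets without a valid signature are dropped
# before any TLS processing (direction 0 on server, 1 on clients).
tls-auth ta.key 0
# Tunnel address pool (assumed)
server 10.8.0.0 255.255.255.0
# Tell every branch how to reach the HQ LAN (assumed 192.168.10.0/24)
push "route 192.168.10.0 255.255.255.0"
# LAN behind branch1 (assumed 192.168.20.0/24): kernel route here,
# matching iroute in the per-client file below.
route 192.168.20.0 255.255.255.0
client-config-dir ccd
keepalive 10 120
persist-key
persist-tun
# Drop root after start-up (nobody/nogroup as on Debian and Ubuntu)
user nobody
group nogroup
verb 3

# ---- /etc/openvpn/ccd/branch1 on the headquarters unit ----
# The file name must equal the Common Name in the branch certificate.
iroute 192.168.20.0 255.255.255.0

# ---- /etc/openvpn/client.conf on the branch unit ----
client
dev tun
proto udp
remote vpn.example.org 1194
ca ca.crt
cert branch1.crt
key branch1.key
tls-auth ta.key 1
# Refuse a peer whose certificate is not a server certificate
# (OpenVPN 2.1 and later; 2.0 used "ns-cert-type server").
remote-cert-tls server
persist-key
persist-tun
user nobody
group nogroup
```

Both units also need IP forwarding enabled, and the firewall on each has to admit UDP 1194 on the Internet-facing interface while limiting what is forwarded between the tunnel and the LAN to the services meant to be reachable (VNC, printer administration).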

For more information, check out:
OpenVPN
Ubuntu Server Edition 6.10

1 Comment:

Anonymous said...

Oh, I hadn't thought about using old computers lying around to beef up network security by VPN. Interesting, I think I'm going to try it myself. Thanks!

Nationwide VPN

2:29 AM  
