DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 10th August 2009
wesley wesley is offline
Real Name: Wesley
Shell Scout
 
Join Date: Aug 2009
Location: Reunion Island
Posts: 92
Post IP Security Policy Management snap-in

hello everybody !

Im using OpenBSD 4.5 as a gateway @work. There's 2 locations :
Site A and Site B.

Site A has a server with Microsoft Windows Server 2003, and a soft to backup on ftp ; there's only a netgear modem router ; public address : 1.2.3.4

Site B has our ftp server behind our gateway (OpenBSD)
public address : 5.6.7.8

When we try to connect ftp on Site A, it works fine. But it is not safe, efficient. So i wish to add an ipsec layer.

Is it possible to use "IP Security Policy snap-in" on windows server 2003 to secure the ftp data transmission (modify pf.conf) ? Or is there an other way ? How can i start, proceed ??
Thank's for your advices !
Reply With Quote
  #2   (View Single Post)  
Old 10th August 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

There may be secure alternatives to ftp which are easier to implement, test, inspect, and manage than IPSec: sftp, for example. ftp is a poor choice for file transfer, because userids, passwords are sent in the clear, as is the content.

For sftp, a commercial SSH client for Windows can be acquired, or, Putty's PSFTP may be used, or OpenSSH can be used under Cygwin.

IPSec:
--------
AFAIK, the "snap in" does not work. There are some freeware alternatives, which implement IPSec policies without the snap-in:

Microsoft: downloadable ipseccmd.exe program -- I've never tried it, but I've read that it is possible to get IPSec working with it.

Draytek Smart VPN Client: I use this with several WXP desktops. It does not recover automatically after a timeout, so would not be appropriate for server use.

Shrew Soft's VPN Client for Windows: several other Daemonforums users like it, though, like MS's software, I've not used it.

Setting up IPSec on OpenBSD is fairly easy, it is even easier when both ends of your tunnel are OpenBSD. Google for "zero to ipsec in 4 minutes" for one simple example of the latter.
Reply With Quote
  #3   (View Single Post)  
Old 11th August 2009
wesley wesley is offline
Real Name: Wesley
Shell Scout
 
Join Date: Aug 2009
Location: Reunion Island
Posts: 92
Post secure ftp

First, thank you for your reply.
I must use our ftp server(RAID 5), it is a Linksys NAS, so i can't use sftp.
And i can't put an other OpenBSD Gateway on Site A.
It only remains for me to try ipseccmd, if someone can advise me others ways to secure our ftp...thks
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Policy routing bsd and cisco clone Guides 1 17th August 2009 04:57 PM
A PF packet tagging (policy filtering) question... Quaxo OpenBSD Security 2 30th March 2009 10:47 PM
Enforce a better user password policy anomie Guides 8 7th November 2008 09:10 PM
Help with OpenSolaris package management roddierod Solaris 2 6th August 2008 03:11 PM
OpenVPN management bichumo General software and network 0 15th July 2008 09:05 AM


All times are GMT. The time now is 09:25 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick