Friday, July 25, 2008

SSLVPN

Recently, I implemented a new change to my home networking infrastructure. Originally, I had some port forwards for RDP and SSH open to all Internet space. This was not good, as people on the Internet can carry out brute-force attacks on these services.

Now, I have implemented an SSLVPN service on my home network to act as the first authentication gate. The product I am using is SSL-Explorer from 3SP (http://www.3sp.com/). The product gives me first-tier defence by authenticating over a browser. I added two-factor authentication by SMS. The product natively supports the SMS gateway from Clickatell (http://www.clickatel.com/). The implementation experience was great, as the whole installation and profile provisioning cost me less than 3 hours with AD integration.

To avoid the untrusted-certificate issue every time I connect via the SSLVPN, I bought an SSL certificate from GoDaddy (http://www.godaddy.com/).

After all this implementation, I disabled all direct port forwarding except TCP 443 to the SSLVPN service.

The total investment for this project:
  • AD - already have, nothing added, $0
  • 3SP SSLVPN license - using 2 concurrent users free license, $0
  • PC based server - using a virtual machine with CentOS, $0
  • SMS Gateway - Clickatell, HK$100 for about 220 SMS send out credits (about HK$0.45 per authentication)
  • SSL Certificate - GoDaddy, US$14.95 for 1 year
  • My time - 3 hours of design and implementation

In short, for home use, it does not cost a lot if you do not need SMS OTP. Other methods of two-factor authentication can also be used, like digital signatures, OTP tokens, etc. However, I think SMS is the most accessible way for me.
