[NetfreakBombay]

Quote:

Originally Posted by Red Liner

Thanks mate. It will just be 2 or 3 people at any given point of time. When you say, information open to an intermediary server, is that something I should be overly concerned about? Can they mess around?

Both options (VPN Service/DIY VPN) have security issues.

Service:
Service provider can read your data as it passes through the service. This is just like email. If you use Gmail, all your email can be read by Google.

DIY:
You need to open a port to accept incoming VPN connections from internet. This port must be hardened. And you have to keep up with patches released for VPN software.

If you delay patch deployment by a few days, some automated attack would catch that and your network would be used for sending spam and other such things.

For most SME deployments, it is preferable to either use a service or buy a VPN "Appliance".

[Red Liner]

Quote:

Originally Posted by NetfreakBombay

Both options (VPN Service/DIY VPN) have security issues.

Service:
Service provider can read your data as it passes through the service. This is just like email. If you use Gmail, all your email can be read by Google.

DIY:
You need to open a port to accept incoming VPN connections from internet. This port must be hardened. And you have to keep up with patches released for VPN software.

If you delay patch deployment by a few days, some automated attack would catch that and your network would be used for sending spam and other such things.

For most SME deployments, it is preferable to either use a service or buy a VPN "Appliance".

Alright, we're gonna go ahead with the service option and we're trying out teamviewer right now (even though you suggested hamachi).

Any reason why you suggested hamachi over teamviewer?

[longford]

The use case will become more clear once you describe what the guy will do after he logs in using either the service/vpn server.

Is he going to access some intranet site or is he just going to access a folder and pick up some files? Are you also looking to execute programs remotely?

its always tricky to gauge the possible impacts from a security point of view. Hacking has gotten very sophisticated. SSL@256 bits is still pretty good. but beyond that tunnel is the target server, which if exposed on the net can be infiltrated in many ways if not properly hardened. The additional risk is that once the guy lands there, he may get access to the whole corporate network which normally downs the firewall on each machine assuming it to be behind a robust firewall. Get the idea?

To give a teeny weeny example. Back in 2000, I had a 32Mb celeron laptop with 2Gb drive and had this dialup from MTNL. I had BlackIce installed for my protection. The moment I connected to the internet via a phone line, I would get 200-300 probes by unknown IPs which my blackice would block. This was the 2000 and we are 12 years ahead!

[NetfreakBombay]

Quote:

Originally Posted by Red Liner

we're trying out teamviewer right now (even though you suggested hamachi).

Any reason why you suggested hamachi over teamviewer?

Teamviewer is Alto, Hamachi is 4x4 SUV

If teamviewer does the Job then it is better to use teamviewer, because of simplicity.

Hamachi works at a lower level, so more applications/services can be accessed over it (E.g. Database / Source control etc).

[Red Liner]

Quote:

Originally Posted by longford

The use case will become more clear once you describe what the guy will do after he logs in using either the service/vpn server.

Is he going to access some intranet site or is he just going to access a folder and pick up some files? Are you also looking to execute programs remotely?

its always tricky to gauge the possible impacts from a security point of view. Hacking has gotten very sophisticated.

Here's what's decided:

1. I am going to use either teamviewer or hamachi
2. We will use the server to access an internal wiki and documents lying on the server. No executable programs.

Quote:

Originally Posted by NetfreakBombay

Teamviewer is Alto, Hamachi is 4x4 SUV

If teamviewer does the Job then it is better to use teamviewer, because of simplicity.

Hamachi works at a lower level, so more applications/services can be accessed over it (E.g. Database / Source control etc).

So what are the specific things I should do from a security angle before implementing teamviewer or hamachi on the server? The more specific you guys are, the easier for me to implement

Thanks again everybody - you've all been a helluva help.

[manishalive]

Friends,

I have one issue and thought to ask in the forum which has a varied base of members. The issue is as below and I am a complete novice in terms of networking. I appreciate members help.

I have an engine controller giving me a Modbus (TCP/IP) out put for which I have a software on my laptop and can connect physically via a CAT5 cable. Thus allowing me to view and log the data.

The issue is -

1.) How transmit the same over internet (customer / engine owner provided) with required security built in.

2.) What hardware and software (like com port repeaters or VPN)components would be required.

The typical scheme of connection of things would as below. Hope some one can enlighten me on the subject. The budget for buying hardware / Software is capped to INR 25,000 per engine.



Mods: I could not find the required information and hence started a new thread. Please merge if we already have a thread for this query.

[2500cc]

My setup in Nutshell:

I use Asus RT-N66U router, I connect my router to internet through a dedicated WAN port and have my NAS and other systems connected to the LAN ports. I have enabled DDNS and use the VPN connection to connect to my router, through which I access all my devices at home.

[manishalive]

Quote:

Originally Posted by 2500cc

My setup in Nutshell:

I use Asus RT-N66U router, I connect my router to internet through a dedicated WAN port and have my NAS and other systems connected to the LAN ports. I have enabled DDNS and use the VPN connection to connect to my router, through which I access all my devices at home.

Dear 2500cc,

Thanks for the reply the router is a good choice. What VPN connection that you use?? Is that a free licence or did you purchased the same. Also I believe that for the VPN to be workable there should be one server to store all.

Sorry I am a novice in networking. My issue is getting the right security / VPN so that all levels of channels will be able to view the data.

[2500cc]

The router has built in VPN server and its free, There's no server required to store the VPN configuration, the router I use manages it for me.

[manishalive]

Quote:

Originally Posted by 2500cc

The router has built in VPN server and its free, There's no server required to store the VPN configuration, the router I use manages it for me.

Good, now do you install some software on the remote computer to access this router, also can we connect to multiple routers from a same machine. Sorry for asking multiple question.

I will also try to contact Asus for the same.

[2500cc]

I dont use any additional software, I just create a VPN connection (Create connections Wizaed from Network Sharing console on Windows PCs) and dial to that router from Internet, once the connection is established, I can access all the network resources connected to the router.

[manishalive]

Quote:

Originally Posted by 2500cc

I dont use any additional software, I just create a VPN connection (Create connections Wizaed from Network Sharing console on Windows PCs) and dial to that router from Internet, once the connection is established, I can access all the network resources connected to the router.

Thanks This helps, I managed to find a video of the same on internet. This looks good. Now If I have 10 routers at different remote locations??

Is there a software which can allow me to connect to all. The router has in built VPN Server. Any idea if we can have the VPN client installed then I can very easily make my computer a VPN server?

[Saanil]

Hi Guys,
Need help with something for my father. I am not sure if I will be able to describe the issue clearly as it involves few technical things which I have never come across. But I hope that experts here will be able to recognize it.

So my father along with some of his friends is setting up a new company and wants to set up a network in the new office (which involves storing data on a server as told to me by my father). So he contacted one company for this and below is what was suggested to us. Rather than just relying on the company’s word, I would like the opinion of experts here. So here is the list of items sent by the company. Would request people here to tell me if the quote is reasonable or should we negotiate for something better.

IBM X3650 M4 Two Socket Rack Server

1. Intel Xeon E5 2640 v2 (6 x 2= 12 Core) Processor,
2. 64 GB 16 x 4 GB) Memory,
3. 1 TB x 8, 2.5" SATA Hot Swap HDD,
4. RAID 0,5 In-built (M1115 Card) / RAID 5 Key,
5. DVD-Writer,
6. 2 x RPS (Redundant Power Supply)

The price being quoted is 4,94,700/+ (Taxes Extra) with 3 Yrs On-Site Hardware Warranty by IBM Service Center .

7. Win Server 2012 R2 Paper Lic Electronic Mode Without Cal @ 54,500/++ (Downgrade 2008 R2 Server)

8. Win Server 2012 R2 Cal Paper Lic Electronic Mode @ 2150/-Each

9. Win Server 2012 R2 Terminal Lic Electronic Mode @ 7200/-Each

10. 48 D-LINK GIGA NETWORK SWITCH @ 21,800/+

11. WD 4 BAY EX4 NAS BOX @ 24500/-

12. WD 2 TB RED DRIVE BACKUP @ 7900 X 4=31,600/-

13. WD 6 TB RED DRIVE BACKUP @ 21,500 X 4=86,000/-

14. CYBEROAM FIREWALL 15 ING 3 YRS SUBSCRIPTION @ 35,200/++

15. WQ 42 U RACK @ 44,300/+

[Samurai]

Impossible to comment without knowing the requirement. They have quoted for a very powerful server with loads of internal and external disk space. The firewall and switch makes sense. Even the disk drives make sense since you say this is for storage.

What are they planning to use that powerful server for? That is not clear.

[Saanil]

Quote:

Originally Posted by Samurai

Impossible to comment without knowing the requirement. They have quoted for a very powerful server with loads of internal and external disk space. The firewall and switch makes sense. Even the disk drives make sense since you say this is for storage.

What are they planning to use that powerful server for? That is not clear.

Till now, I know that the new work will be related to software development (I know I am not giving enough details, apologies for that). Would it be possible to tell me that if the given configuration is good for my use, whether the cost is fair? For a moment, assume that you are in the market to buy this configuration, would you treat this as a fair price?