Also check out the MikroTik routers - the 450G works great, and supports
hosting OpenVPN, L2TP and IPsec-based VPN services on the same router.
Complete solution for about £80.
Cheers,
James Harrison
On 26/11/12 10:05, Wayne Merricks wrote:
I second the OpenVPN approach. If you can spare a box of any sort for a
serious firewall, look at pfsense.org. It was really easy to set up and has some
other additions that kick the ass out of my old Cisco PIX Firewall (and the
newer ASA).
Stuff like:
Failover WAN
Traffic Shaping
Traffic Monitoring/Logging via transparent proxy
Caching including YouTube videos via the same proxy
On the fly virus scanning
-----Original Message-----
From: [email protected] on behalf of Kevin Miller
Sent: Sun 25/11/2012 23:32
To: User discussion about the Rivendell Radio Automation System
Subject: Re: [RDD] security breach
On 11/25/2012 10:51 AM, James Harrison wrote:
Best approach is not to use passwords - SSH keys are simple to set up
and you can disable password authentication in sshd, which makes your
system practically uncrackable.
Took the words right out of my mouth. The other thing I like to do is
disable ssh 1 and ssh to root. If you need root access from afar, ssh
to a non-privileged account then "su -" to gain root.
Fail2ban is also an excellent program to run - it will automatically
block in iptables anything that fails to log in more than a few times,
which stops most automated bots.
As a further step, you could set up an OpenVPN server and not expose
your Rivendell box to inbound internet traffic at all. You create a
tunnel to the OpenVPN server then you're 'local' and can ssh to the rd
host. Linux Journal had a great three part write-up on this a few years
back in the Paranoid Penguin column. (The ssh/OpenVPN part, not the
Rivendell part.) Best of luck with the cleanup...
...Kevin
_______________________________________________
Rivendell-dev mailing list
[email protected]
http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
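
The sshd settings recommended in this thread (password authentication off, no direct root login, protocol 2 only), checked by a small Python auditor. This is an added example, not code from any poster; the function name and both sample configs are constructed, and it relies on sshd using the first value it reads for a keyword while a later `Match` block can still override it.

```python
# Added example: audit sshd_config text for the settings the thread recommends.
# Recommended values per the thread; keys are lowercased sshd_config keywords.
WANTED = {"passwordauthentication": "no", "permitrootlogin": "no", "protocol": "2"}

def audit_sshd_config(text):
    """Return {keyword: 'ok' | 'weak' | 'weak-in-match' | 'unset'}."""
    first_global = {}   # sshd keeps the first value it reads for a keyword
    match_weak = set()  # keywords loosened inside a conditional Match block
    in_match = False
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts or parts[0].startswith("#"):
            continue                                      # blank line or comment
        key = parts[0].lower()                            # keywords are case-insensitive
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True   # block lasts until the next Match or end of file
        elif key in WANTED and in_match:
            if value != WANTED[key]:
                match_weak.add(key)
        elif key in WANTED:
            first_global.setdefault(key, value)
    report = {}
    for key, wanted in WANTED.items():
        if key in first_global and first_global[key] != wanted:
            report[key] = "weak"
        elif key in match_weak:
            report[key] = "weak-in-match"
        else:
            report[key] = "ok" if key in first_global else "unset"
    return report

# Constructed sample inputs (not taken from any real host).
WEAK_SAMPLE = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""
HARDENED_SAMPLE = """\
Protocol 2
PermitRootLogin=no
passwordauthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit_sshd_config(cfg))
```

A result of `unset` means the server is relying on its built-in default, which differs between OpenSSH versions, so set the keyword explicitly.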