VPN for the paranoid?



  • Hi,

    I've set up VPN access, but I'm not really sure how to set up the rules for it the best way…

    If I'm going to use RDP to connect to a computer inside the LAN net, every other block rule I set for the VPN net that doesn't already exist for the LAN net feels pretty much obsolete? Because I'd still have the ability to do pretty much everything from the RDP'ed computer inside the LAN... Well, OK, I need a second password to RDP, but still.

    Any input on this?



  • For a paranoid setup you will need a DMZ for this RDP server, so you can apply rules between RDP and LAN.



  • Hmm…

    Since everything I want access to, and everything I want to protect from others, is on the same computer, putting it on DMZ doesn't really make any difference? Storing it in different places isn't really an option either, because it's the same things I want access to as I want others NOT to have access to (personal stuff).

    I'm guessing though, that VPN should be pretty secure. If I'm not mistaken, someone would pretty much have to steal my laptop (getting the certificate) and get my VPN login/password to be able to get in?



  • @Floddy:

    If I'm not mistaken, someone would pretty much have to steal my laptop (getting the certificate) and get my VPN login/password to be able to get in?

    That's it. :)

    If you have your laptop stolen, change the certificate and password, and rename your user as well.


Locked