On 6/12/06, Don Munyak <don dot munyak at gmail dot com> wrote:
> I have set up router-to-router IPSEC with m0n0wall with success, but in
> trying to be security conscientious, I was leaning away from using a
> full time connected tunnel for this application. I believe that with a
> full time tunnel, if one of the co-lo servers is compromised, the
> attacker conceivably could have access to our main office (and
> vice-versa) ...???

I think I would probably go with the full time tunnel, because it can
be set up just as securely and should require less upkeep (client VPN
leaves more room for user error, and is yet another piece of software
to worry about). On the colo end, I would probably not allow the
servers to initiate any traffic to your LAN (unless they specifically
have to; the reply traffic gets let through by the state table). So,
as long as your firewall doesn't get compromised, the servers won't
have access to your LAN.

Then, on your network, put in rules on the LAN to control what hosts
on your LAN can access the colo servers.

That's the most clean solution, IMO. I wouldn't worry about that
tunnel being up all the time. Only having it up part of the time
doesn't buy you much.
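
The rule layout described in this reply, modeled as an added example (not part of the original message, and not m0n0wall configuration): a default-deny stateful filter with no pass rules on the tunnel side and one pass rule on the LAN side. The addresses, the SSH port and the names `StatefulFilter` and `demo` are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
LAN = ip_network("192.168.1.0/24")
COLO = ip_network("10.50.0.0/24")

# Rules are evaluated on the interface where a new connection first arrives.
# Each rule: (source network, destination network, destination port).
RULES = {
    # LAN interface: only the admin workstation may reach colo servers over SSH.
    "lan": [(ip_network("192.168.1.10/32"), COLO, 22)],
    # Tunnel interface: no pass rules, so colo servers cannot initiate to the LAN.
    "tunnel": [],
}


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # established flows as (src, sport, dst, dport)

    def handle(self, iface, src, sport, dst, dport):
        """Return 'pass-state', 'pass-rule' or 'block' for one packet."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        # Packets belonging to an established flow (either direction) skip the rules.
        if flow in self.states or reverse in self.states:
            return "pass-state"
        for net_src, net_dst, port in self.rules.get(iface, []):
            if ip_address(src) in net_src and ip_address(dst) in net_dst and dport == port:
                self.states.add(flow)  # remember the flow so replies are let through
                return "pass-rule"
        return "block"  # default deny


def demo():
    fw = StatefulFilter(RULES)
    return [
        fw.handle("lan", "192.168.1.10", 40000, "10.50.0.5", 22),      # allowed LAN host
        fw.handle("tunnel", "10.50.0.5", 22, "192.168.1.10", 40000),   # its reply traffic
        fw.handle("tunnel", "10.50.0.5", 51000, "192.168.1.20", 445),  # colo server initiates
        fw.handle("lan", "192.168.1.20", 40001, "10.50.0.5", 22),      # unlisted LAN host
    ]


if __name__ == "__main__":
    print(demo())
```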