On Wed, 2006-01-04 at 17:38 +1300, Jason Haar wrote:
> Jon Bendtsen wrote:
> >
> > No, I don't think you can do that, but using the management interface you
> > can disconnect a client. And since you already do a firewall, I would simply
> > just install a firewall that only enables you to scan the client. Then decide if
> > the client is safe or not, and either disconnect the client or lift the firewall such
> > that the client from the inside of the tunnel has whatever access you want it
> > to.
>
> Should work fine. This sort of action is the basis of Network Admission
> Control.
>
> 1. Accept connection from client - but block their access to everything
> but the Access Server (OpenVPN in this case)
> 2. Scan new client to check its "health". You might require all remote
> clients allow you administrative control (or root). Your network - your
> rules. You could connect and dump current routing tables (Windows or Unix) to
> check for gatewaying/etc.
> 3. If "healthy", allow client access to whatever internal network
> components you wish. If not, drop connection or redirect to "quarantine
> network" where remediation can occur (or it could be to simply place a transparent
> proxy rule to redirect all their Web traffic to a server you control
> telling them why they have been blocked).
> 4. Profit!!! ;-)
>

May I ask, what kind of tools are being used to scan these systems? I can
certainly think of NMAP, maybe Nessus although I'm a little hesitant there.
What else? Are there any good how-to documents on the subject?

Thanks - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
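The four-step admission flow Jason describes (firewall the new client down to the access server, check its health, then lift the firewall, park it on a transparent proxy, or disconnect it through the management interface's `kill` command) can be sketched as a small decision script on the OpenVPN server. The following is an added example written for this thread, not code from any of the posters or from the OpenVPN project: the tunnel interface, addresses, chain placement, the "forbidden services" policy and the sample nmap/route/sysctl output are all constructed assumptions, and the iptables commands are returned as strings rather than executed so the logic can be read and tested on its own.

```python
"""Network admission control for OpenVPN clients, as described in the thread:
a new client is firewalled so it can reach only the access server, its health
is checked, and the firewall is then lifted, the client parked on a
remediation proxy, or the session killed through the management interface.
Added example; addresses, chain placement, policy and sample output are
constructed assumptions, not the thread's own setup."""
import re

TUN_IF = "tun0"                          # assumption: OpenVPN tunnel interface
VPN_SERVER_IP = "10.8.0.1"               # assumption: access server tunnel address
PROXY_IP, PROXY_PORT = "10.8.0.2", 3128  # assumption: remediation web proxy

# Services that should not be listening on a remote client (constructed policy).
FORBIDDEN_PORTS = {23: "telnet", 135: "msrpc", 445: "microsoft-ds"}


def quarantine_rules(client_ip):
    """Step 1: the fresh client may talk to the access server; nothing is forwarded."""
    return [
        f"iptables -I INPUT -i {TUN_IF} -s {client_ip} -d {VPN_SERVER_IP} -j ACCEPT",
        f"iptables -I FORWARD -i {TUN_IF} -s {client_ip} -j DROP",
    ]


def open_tcp_ports(nmap_grepable):
    """Parse the Ports: field of nmap -oG output into {port: service} for open TCP ports."""
    found = {}
    for line in nmap_grepable.splitlines():
        match = re.search(r"Ports:\s*([^\t]*)", line)
        if not match:
            continue
        for entry in match.group(1).split(","):
            fields = entry.strip().split("/")
            # entry layout: port/state/proto/owner/service/rpc/version/
            if len(fields) >= 5 and fields[1] == "open" and fields[2] == "tcp":
                found[int(fields[0])] = fields[4]
    return found


def is_gateway(route_dump, sysctl_dump):
    """Step 2 check: a client that forwards packets or carries more than one
    default route could bridge the tunnel into some other network."""
    forwarding = re.search(r"net\.ipv4\.ip_forward\s*=\s*1", sysctl_dump) is not None
    defaults = sum(1 for l in route_dump.splitlines() if l.startswith("default via"))
    return forwarding or defaults > 1


def decide(scan, route_dump, sysctl_dump):
    """Return (verdict, reason) where verdict is 'allow', 'quarantine' or 'kill'."""
    if is_gateway(route_dump, sysctl_dump):
        return "kill", "client is forwarding or multi-homed (possible gateway)"
    bad = sorted(p for p in open_tcp_ports(scan) if p in FORBIDDEN_PORTS)
    if bad:
        return "quarantine", "forbidden services listening: " + ", ".join(
            f"{p}/{FORBIDDEN_PORTS[p]}" for p in bad)
    return "allow", "health check passed"


def enforcement(verdict, client_ip, common_name):
    """Step 3: commands implementing the verdict (returned as strings, not run)."""
    if verdict == "allow":
        # lift the quarantine drop inserted at connect time
        return [f"iptables -D FORWARD -i {TUN_IF} -s {client_ip} -j DROP"]
    if verdict == "quarantine":
        # transparent proxy: web traffic lands on a server that explains the block
        return [
            f"iptables -t nat -I PREROUTING -i {TUN_IF} -s {client_ip} -p tcp --dport 80 "
            f"-j DNAT --to-destination {PROXY_IP}:{PROXY_PORT}",
            f"iptables -I FORWARD -i {TUN_IF} -s {client_ip} -d {PROXY_IP} "
            f"-p tcp --dport {PROXY_PORT} -j ACCEPT",
        ]
    # 'kill <common-name>' is the management-interface command that drops a session
    return [f"kill {common_name}"]


# Constructed sample input standing in for a real scan and route/sysctl dump.
SAMPLE_SCAN = ("Host: 10.8.0.6 ()\tPorts: 135/open/tcp//msrpc///, "
               "445/open/tcp//microsoft-ds///, 22/closed/tcp//ssh///"
               "\tIgnored State: closed (997)")
SAMPLE_ROUTES = "default via 192.168.1.1 dev eth0\n10.8.0.0/24 dev tun0\n"
SAMPLE_SYSCTL = "net.ipv4.ip_forward = 0\n"

if __name__ == "__main__":
    # In a client-connect script these come from OpenVPN's ifconfig_pool_remote_ip
    # and common_name environment variables; here they are constructed.
    client_ip, cn = "10.8.0.6", "laptop-alice"
    for cmd in quarantine_rules(client_ip):
        print(cmd)
    verdict, why = decide(SAMPLE_SCAN, SAMPLE_ROUTES, SAMPLE_SYSCTL)
    print(f"# verdict: {verdict} ({why})")
    for cmd in enforcement(verdict, client_ip, cn):
        print(cmd)
```

The quarantine DROP is inserted in FORWARD at connect time and only deleted on an "allow" verdict, so a client that never completes the health check stays confined to the access server; the proxy ACCEPT for the quarantine case is inserted above that DROP so the remediation page remains reachable. The route and sysctl dumps are the "dump current routing tables" check from step 2 reduced to two concrete signals, forwarding enabled or more than one default route.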