Virtual Networking between Debian and Microsoft Windows systems
Virtual Networking between Debian and Microsoft Windows systems
First of all, I'm not really looking for a detailed HOW-TO on how I
could build this system, although if there is such a thing I will
gladly read it. I'm mainly seeking discussion on the various methods
of implementing this system and the various security issues involved
as well as known good security policy practices for a system like this.
HERE'S WHAT I WANT TO DO
I want to set up a secure tunnel between my Debian system on a DSL
line and a remote machine which will probably be running some version
of Microsoft Windows that will most likely have a semi-fast connection
to the Internet such as DSL, Cable or ISDN.
The remote computer will possibly use some form of Kerberos
authentication to access certain computers on my LAN or just to access
the LAN its self.
I want to set it up so that I don't have to worry about a remote
machine, connected to my LAN in this manner, being able to packet
sniff my network traffic, spoof IP addresses on my LAN or use ARP,
etc. to hijack connections between my machines or connections between
my machines and machines on the Internet.
I would also like to know how to make a Debian machine act like a
managed switch because I don't have money to purchase one. I might
possibly be able to use firewall rules to do this but I don't know
how. I don't have much knowledge in this area. Using a managed switch
helps prevent the connection hijacking I talked about above as far as
I know anyway. I think that this would possibly require a machine with
a bunch of NIC's to act like a switch. Or I could possibly somehow
make the ARP in my machine only listen to certain MAC addresses
although MAC's can be faked.
I think some of you might be running this system on a corporate or
maybe a university system. I want to set this same system up at home
for a small amount of users mainly for the security offered but also
for the experience of learning how this can be implemented.
I was reading that the Microsoft PPTP protocol isn't all that secure
so I am trying to find an alternative type of tunneling protocol. As
for the actual protocol, anything that is very secure that will run on
both Debian and a Windows machine will be ok. I was thinking about
using something like blowfish for the actual encryption. I was reading
how using TCP/IP encapsulation (tunneling) over a TCP/IP type
connections like pppd is really prone to failure and SLOW connections.
What other kinds of connections are available for my application?
I also need to know the types of software needed for both a
Debian/Linux system on one end and a Microsoft Windows system on the
other end. This system will possibly use LDAP and/or Kerberos type
security with fire walls. Cost _IS_ a factor since I am mainly doing
this as a hobby and not for a company, etc. I simply don't have money
to spend buying some off the shelf type of tunneling system.
I can compile source DEB packages, etc. but am NOT a coder and have a
hard time applying a software patch unless it comes with detailed
instructions. I don't really like doing this as it is hard to keep up
to date with security patches when they are released because of the
complexity of applying patches to everything.
My eventual goal is to set up a secure corporate type of security
system (on a smaller scale without compromising security) with my
Debian. Using something similar to this maybe: (pardon my ASCII art
skills) (I can use multiple computers on my side of the connection if
necessary.)
+-----------------------------+
| Microsoft Windows machine |
| +-------------+ +--------+ | +----------+
| | remote user +--+ secure +-+-+ Internet |
| | or a LAN | | tunnel | | +------+---+
| +-------------+ +--------+ | |
| | +-----+--------------------+
+-----------------------------+ | | Debian system |
| +---+------+ +--------+ |
| | my local +--+ secure | |
| | firewall | | tunnel | |
| +----------+ +---+----+ |
| | |
+-------------------+------+
|
+----------------------+ +----+---+
| access to systems or +--| my LAN |
| services on my LAN | +--------+
+----------------------+
I am probably leaving out some major details in my diagram. I would
like to find a good network model for the system I am trying to
implement.
Currently, I use PuTTY with SSH to access my Debian which works ok,
However, I was wanting additional secure access to my Debian system
and my LAN from the outside.
WHAT I WANT TO KNOW
What cheap/free software solutions are available for implementing this
on a Windows platform?
What are the security risks of running this system over the Internet?
What is considered extremely strong, corporate grade encryption? What
key length, etc. should I be concerned about? I want my LAN to be just
as secure as any good corporate network.
What is the most secure way to use tunneling between a Linux system
and a Windows machine?
What are the other types of tunneling are there besides Microsoft
PPTP?
How do you keep people from hijacking your data connections to other
computers on your LAN as well as to computers on the internet from
your LAN?
Any other relative information would be most helpful such as FAQ's,
HOW-TO's, books on tunneling, using WAN connections over the Internet,
etc. Please include URL's if you can find any.
Reply to: