LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity

fix minor typos in Secure-BootCD-VPN-HOWTO.sgml

This commit is contained in:
Jason Leschnik 2016-10-24 22:27:06 +11:00
parent 9a6d326251
commit e1f8fb278e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
LDP/howto/linuxdoc/Secure-BootCD-VPN-HOWTO.sgml
View File

@ -127,7 +127,7 @@ Since many people are already familiar with openVPN, this seemed like a good ide
<item>key loggers on the external client box
<item>attacks directly on the internal Windows(tm) box through the VPN ports that are now open and exposed on the Internet.
<item>viruses, spy ware and other malware on the client box infecting the internal workplace desktop (and any others that it has connection with) through the established VPN connection.
<item>having the private key stored on multiple desktops around the organization on unsecured desktops. Someone with access to that key (which would need to be on the internal machine in order to establish the the VPN connection) could allow unauthorized key-making.
<item>having the private key stored on multiple desktops around the organization on unsecured desktops. Someone with access to that key (which would need to be on the internal machine in order to establish the VPN connection) could allow unauthorized key-making.
</enum>
<item>Only the specific external machine that is setup by IT services personnel would be able to connect and use the resources, when what is actually desired is that the authorized user can get access from anywhere.
</enum>
@ -274,7 +274,7 @@ The choice of DSL means that we are relying on DSL's built in ability to automat
<!-- =========================== -->
<sect>Maintenance
<p>
Once built there is NO maintenance to the CDs. If you need to change the private key password for the the individual user, burn them a new CD. If they lose a CD, give them a fresh burn. If the CD gets destroyed, give them a new copy.
Once built there is NO maintenance to the CDs. If you need to change the private key password for the individual user, burn them a new CD. If they lose a CD, give them a fresh burn. If the CD gets destroyed, give them a new copy.
The openVPN server requires little maintenance. It is recommended that you periodically check the openVPN logs on the server to determine the likelihood of nefarious activity and act accordingly. Usage-tracking is beyond the scope of this document.
@ -575,7 +575,7 @@ proto udp
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.