Secure data from a server to a workstation using jumper hosts

Posted by apalsson on Server Fault See other posts from Server Fault or by apalsson
Published on 2009-12-14T15:57:46Z Indexed on 2010/04/15 22:03 UTC
Read the original article Hit count: 277

Filed under:

vpn

|

www

|

security

|

remote-desktop

Hello.

I have a WWW-server, my problem is that the content is sensitive and should not be accessible for people without proper credentials.

How can I improve the ease of use but still maintain security following scenario;

The Server is accessed through a "jumper host", i.e. the client connects to the jumper using VPN-connection and uses RemoteDesktop to access the jumper. From the jumper he uses RemoteDesktop again to access the Server. Finally on the Server the user can access content using a WWW-browser.

All the way from the VPN-client to the WWW-browser requires authentication using a SmartCard-token.

This seems quite secure to me. Content only gets mirrored on the RemoteDesktop between Server and jumper, no cached files to worry about. Connection between jumper and client is protected using VPN(ssl), so no eavesdropping.

But it is quite cumbersome for the clients with many steps and connections to open. :(

So, how can I improve the user experience accessing my server without compromising security?

Thanks.

© Server Fault or respective owner

Related posts about vpn

Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
l2tp / ipsec debian Openswan U2.6.38 does not connect

as seen on Server Fault - Search for 'Server Fault'
i am trying to get ipsec/l2tp running on a debian server with an iphone as a client but always get: Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received Vendor ID payload [RFC 3947] method set to=115 Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received… >>> More
Setup VPN issue on Ubuntu Server 12.04

as seen on Server Fault - Search for 'Server Fault'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Cannot connect with Cisco VPN but can connect with ShrewSoft VPN

as seen on Server Fault - Search for 'Server Fault'
EDIT: We connected an air card to the computer to use a different Internet connection and using the Cisco software, we were able to successfully connect to our VPN server. I just don't understand why the ShrewSoft VPN client would connect but the Cisco connection won't. I'm not our network admin… >>> More

Related posts about www

error about ACPI _OSC request failed (AE_NOT_FOUND)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have ubuntu server 11.10 64 bit I see an error in kernel.log. This error comes out when the server reboot. some port of grep APCI in kernel.log; Dec 5 09:08:51 www kernel: [ 0.588605] pci0000:00: Requesting ACPI _OSC control (0x1d) Dec 5 09:08:51 www kernel: [ 0.588667] pci0000:00: ACPI _OSC… >>> More
www do not equal no www

as seen on Server Fault - Search for 'Server Fault'
I have a website with dns pointing to my own server. the website WITH www.mysite.com lead to the right site, but the address mysite.com lead to a publicity site that I DONT CONTROL I like to make www.mysite.com and the mysite.com lead to the same DNS Can i make it with .htaccess or with google analitic… >>> More
Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
Prevent malicious vulnerability scan increasing load on a server

as seen on Server Fault - Search for 'Server Fault'
Hi all, this week we have been suffering some malicious vulnerability scans to our servers, increasing the load on them, making them nearly unusable. The attack is easy to defend, just blocking the offending ip, but only after discovering it. Is there any form of prevent it? Is it normal that… >>> More
centos dedicated Server unresponsive for the first time

as seen on Server Fault - Search for 'Server Fault'
server was unresponsive for an hour so i rebooted it and checked /var/log/messages and found this. can anybody point out whats wrong ? Sep 28 07:39:35 www kernel: INFO: task mysqld:22749 blocked for more than 120 seconds. Sep 28 07:39:35 www kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs"… >>> More