[Gllug] [OT] SSH or VPN?

[Simon Wilcox]

Tom Weissmann wrote:
> Our clients like us to be able to dial in a fix things on their system, 
> but they are suitably paranoid; since they let us connect using a VPN, 
> they stipulate that any computer on their VPN must be completely 
> disconnected from our network.

How about a firewall at their end that only allows you to access the 
machines you need to access ?

If you needed to access different machines at different times, you, or 
they, could select a predefined ruleset via a command line or even a web 
form (ssl protected of course) for each machine.

The ruleset is applied and then you have a restricted view of their 
network. I can quite understand why they'd be unhappy to allow a wide 
open network to network connection but a keyhole firewall seems like a 
good compromise to me.

Simon.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug