How to securely allow a vendor into to my network via the internet

gardoin · ‎10-29-2002

I need to explain to my customers how to allow my company consultants into their network and access a HP-UX workstation. This workstation has an IP address on there network.

I usually access the system via a Cisco Access Server but I have slow connections because it is using dialback via telephone lines. One customer I went to gave me access over the internet by giving me a password thru their firewall and then forwarded me to the IP address of the HP-UX workstation. They also restricted that connection to only my IP address. Anyone else who tries to access that internet address will timeout.

I want to know how to accomplish this goal. If you can help please reply. Thanks

scottmac · ‎10-31-2002

SSH is your friend.

It is essentially a secure Telnet client/server. All you'd have to do is poen a port on the firewall to allow port 22 to traverse the firewall on a static mapping to the HP.

SSH can be set up to use ONLY specific (strong encrypted) keys that are pre-configured on each end (no passwords, no clear text).

The other slick thing about SSH is that most server/clients also come with an SFTP application through the encrypted tunnel, so you can transfer files (as permitted by the server configuration) either way.

You can also pass "X" traffic, or any other (specifically configured) port either way throug the encrypted tunnel.

SSH is very secure, and using PKI absolutely minimizes the security exposure.

Check out ssh.com, openssh.org, f-secure.com, and vandyke.com.

SSH is available as open source @ no cost; the commercial products have more features, support, etc.

Good Luck

Scott