Security

Setting up Stunnel for secure communication on CentOS 5 and 6

Sometimes you need to secure communication for an internet service that does not support TLS. For example, I needed to perform secure file synchronization over the Internet using rsync, but it does not support TLS. I didn't want to use SSH tunneling, as that requires additional security lockdown to prevent the remote user from running shell commands. To solve this problem, the tool Stunnel provides an encrypted TCP tunnel back to your unencrypted service.

VPN vs Remote Desktop - Avoiding Split Tunneling

I have been thinking about the pros and cons of implementing remote access using a VPN (such as OpenVPN) vs. application-level remote access such as SSH or Remote Desktop.

One of the arguments I have seen made for using Remote Desktop over a VPN is that any viruses or malicious software running on the connecting user's computer cannot directly affect the services running inside the corporate network.

Another argument for Remote Desktop is that, unlike a VPN, the user's computer network is not directly connected to the corporate network, so any malicious traffic coming from the Internet cannot make its way into the remote network - so-called 'Split Tunnelling'.