On Mon, 02 Feb 2009 12:01:11 +0000, mark@quarella.co.uk said:
I can set the laptop up using wireless security passwords/keys which are not disclosed to the end user, however the end user will of-course have access to the settings from the laptop which they could duplicate on another laptop should they choose to, and we've been asked to tie it to the laptop that's supplied as far as possible.
Install OpenVPN on each end and secure it with X.509 certificates (not too hard to do, and good documentation on the OpenVPN website). Firewall the black box to only allow remote incoming access via the VPN. Now only PCs with a valid certificate will be able to connect to the black box.
OpenVPN runs on Windows, Linux and MacOS, so any client that runs any of them would be suitable.
If the laptop user has root access to either the laptop or the black box, they'd be able to set up another laptop to access the black box (assuming sufficient skill), but it would not be possible to prevent that (so don't give them root access).
hth, Keith