Re: VPN Question

From: Jeff Grossman (jeff@stikman.com)
Date: 10/16/02

• Next message: Jeff Grossman: "Re: VPN Question"
• Previous message: NeoSadist: "Re: DMZ file security"
• In reply to: Mesomorf: "Re: VPN Question"
• Next in thread: Pete: "Re: VPN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Jeff Grossman <jeff@stikman.com>
Date: Wed, 16 Oct 2002 11:22:36 -0700

Mesomorf <newsgroup@only.please> wrote:
>> If the remote user had their own router/firewall then, yes, security is
>> increased but how responsible is the remote user going to be? Do they
>> really know how to configure and then check that the router/firewall is
>> secure?
>
> Well, let me quote Jeff Grossman (author of this thread):
> "I am going to use the Linksys VPN router at the remote sites"
>
> ..so they WILL be behind router/firewall..and I guess he will configure all
> remote sites (offices i guess) so the security will be there.
>
> And I know alot companys (small companys) that use Linksys product on the
> office to connect to Internet ..so that is why I am talking about "same
> security" on VPN and local office.
>
>> Lockdown the PC while the VPN is active ... better safe than sorry.
>
> .but I can?t say that I dissagre with you Bernie.. better safe than sorry :)
>

That is correct. I am going to use a SnapGear firewall/router at the main
office and Linksys VPN firewall/router at each remote location. The
remote location will not have any open ports and will not allow inbound
traffic. But, they will allow outbound traffic to the internet.
Actually, they will allow inbound traffic, but only over the VPN tunnel.
Now at the office, I do allow a few ports to come in for e-mail purposes.

Jeff

-- 
Jeff Grossman (jeff@stikman.com)

---

• Next message: Jeff Grossman: "Re: VPN Question"
• Previous message: NeoSadist: "Re: DMZ file security"
• In reply to: Mesomorf: "Re: VPN Question"
• Next in thread: Pete: "Re: VPN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: VPN - what happens now ... > over a straight RDC session because of the SSL encryption before it turns ... > the LAN and also can introduce security risks. ... > As for eliminating VPN... ... > the LAN for remote login. ... (microsoft.public.windows.server.sbs) Re: Remote Access and ISA Server in SBS 2003? ... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ... (microsoft.public.windows.server.sbs) Re: authentication problem with outlook 2000 and "workgroup" account ... would lower the security a bit. ... (outlook, vpn access, etc.). ... I don't know a lot about Outlook 2000, ... >> I occasionally setup remote users laptops for my company. ... (microsoft.public.win2000.security) RE: VPN Problem with a domain account versus local computer account ... logon domain remotely. ... allow VPN client access, and there is a client computer that is configured ... Enable remote access on domain user accounts ... (microsoft.public.windows.server.sbs) Re: SBS VPN setup? ... Do you really think it is easier to set up a RWW in SBS 2003 R2 Standard as you claim? ... Note that almost all routers are not designed to allow more than one PPTP VPN from the same remote IP address, (the PPTP protocol does allow for the possibility of multiple tunnels, but they must share a control channel, which means it can't be done from separate remote computers behind one NAT router without fairly exotic packet handling) so if you need multiple users at one site you really need site-to-site VPN. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2002-10