Re: how to secure VPN to a SQL server?



Steven,

Thanks for the response. Unfortunately, my situation is:

1. Some remote clients don't have static IPs (so filtering option on the
VPN server is out)
2. No guarantee the client has anything other than the default XP admin account
(they also have legacy software that requires Admin)

Is there any way to restrict the VPN server to only support SQL traffic?

Thanks, Rob.


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:unBFLf8mGHA.4620@xxxxxxxxxxxxxxxxxxxxxxx
While using virus protection is a great idea there are other things you
should also do. If at all possible the users on the remote computer should
never be in the local administrators or power users group and Software
Restriction Policies can be implemented on XP Pro to control what
applications users do use and minimize the threat of malware. The link
below explains SRP in detail. You should also take advantage of filtering
capabilities of your VPN server to restrict what IP addresses the VPN user
can access and then what ports/protocols they are allowed to access on
those IP addresses. In Windows 2000/2003 RRAS you can configure
input/output filters in Remote Access Policy via edit profile - tcp/ip.
Of course the SQL server must be hardened including that the users have
only the needed permissions to do their job. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:uharm6vmGHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
I have a deployment package that automatically sets up a VPN on a remote
client PC (public). What I'm concerned about is the client PC obtaining a
virus and that virus finding its way to our server via the VPN. The
client PCs do need Internet access & Email access while the VPN is
enabled. The VPN is used only for communication with the SQL server --
basically a split tunnel VPN solution. (TCP/IP settings, Use default
gateway on remote network is NOT checked)

What are my options?

Thanks, Rob.
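
Added example, not part of the original thread and not RRAS code: a small Python model of a "permit only the listed packets" filter of the kind Steven describes, matching on destination address, protocol and port. The SQL server address 10.0.0.20, the client addresses and the default-instance port TCP 1433 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    dst_net: str              # destination network, CIDR notation
    proto: str                # "tcp" or "udp"
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, dst_ip: str, proto: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
        return in_net and proto == self.proto and self.dst_port in (None, dst_port)


# Assumed values: SQL Server at 10.0.0.20, default instance on TCP 1433.
PERMIT_ONLY = [Rule("10.0.0.20/32", "tcp", 1433)]


def allowed(src_ip, dst_ip, proto, dst_port, rules=PERMIT_ONLY) -> bool:
    """Default deny: a packet passes only if a permit rule matches.

    src_ip is accepted but never examined, so the decision is the same
    whatever address the client currently holds.
    """
    return any(r.matches(dst_ip, proto, dst_port) for r in rules)


# Constructed sample traffic arriving from VPN clients.
SAMPLES = [
    ("192.168.50.7",  "10.0.0.20", "tcp", 1433),  # SQL from a client
    ("192.168.50.91", "10.0.0.20", "tcp", 1433),  # same client, new address
    ("192.168.50.7",  "10.0.0.20", "tcp", 445),   # file sharing on the SQL host
    ("192.168.50.7",  "10.0.0.20", "udp", 1434),  # SQL Browser, not listed
    ("192.168.50.7",  "10.0.0.5",  "tcp", 1433),  # another internal host
]


def evaluate(samples=SAMPLES):
    return [allowed(*s) for s in samples]


if __name__ == "__main__":
    for (src, dst, proto, port), ok in zip(SAMPLES, evaluate()):
        print(f"{src:>14} -> {dst}:{port}/{proto:<3} {'PERMIT' if ok else 'DROP'}")
```

Named instances that rely on SQL Browser (UDP 1434) or dynamic ports would need their own permit rules in a filter like this.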






