Re: Travelling laptops over VPN
From: Sooner Al (SoonerAl_at_somewhere.net.invalid)
Date: 11/30/04
- Next message: chetttyson: "Re: Help!!! I get "Access Denied" message ........."
- Previous message: Bill Sanderson: "Re: Travelling laptops over VPN"
- In reply to: Bill Sanderson: "Re: Travelling laptops over VPN"
- Next in thread: Jerry: "Re: Travelling laptops over VPN"
Date: Tue, 30 Nov 2004 12:07:49 -0600
I just looked back at this old Cable Guy article which has suggestions concerning the security
issues...
http://www.microsoft.com/technet/community/columns/cableguy/cg1003.mspx
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:O32L5bw1EHA.3596@TK2MSFTNGP12.phx.gbl...
> FWIW--and I haven't done this myself--my understanding is that the way to do this is to use the
> CMAK and distribute the connections to the users after customizing them via CMAK.
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndeplr.mspx
>
> I'm unclear whether Server 2003 is required to do this. I think not--but again, I haven't done
> it!
>
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:OybRqOw1EHA.412@TK2MSFTNGP14.phx.gbl...
>> Phillip,
>>
>> That brings up a question that I have...
>>
>> ">One exception would be if the user is using "split-tunneling" with the VPN.
>>> This is done by disabling the "Use Gateway on Remote Network" which is found
>>> on the user's machine within the properties of the VPN Dialup Connection. By
>>> default this is not the case,...this is something you would have had to do
>>> on purpose."
>>
>> Does anyone know of a way to disable that via a Group Policy or registry setting? In many cases
>> network administrators would want to do that to prevent the users from enabling
>> split-tunneling... This split-tunneling issue comes up every so often on these forums, primarily
>> from users wanting to find out how to enable it..:-)
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no rights...
>>
>> "Phillip Windell" <@.> wrote in message news:eq7w1Fw1EHA.1564@TK2MSFTNGP09.phx.gbl...
>>> "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
>>> news:OSqnr2v1EHA.1300@TK2MSFTNGP14.phx.gbl...
>>>> to a different network (like at a hotel), the firewall is on. That appears
>>>> to work fine. However, when the user connects to the VPN using the Cisco
>>>> VPN client, the firewall shuts off because it sees the domain. Then, the
>>>> laptop is not protected while on the VPN.
>>>
>>> Yes, it is protected while on the VPN. When on the VPN it is on the LAN, not
>>> the Internet. To get to and from the Internet it must go through the LAN, so
>>> it is the same as if it was physically on the LAN. The laptop cannot get
>>> to/from the Internet directly while the VPN is active. So,...you are worried
>>> for nothing.
>>>
>>> One exception would be if the user is using "split-tunneling" with the VPN.
>>> This is done by disabling the "Use Gateway on Remote Network" which is found
>>> on the user's machine within the properties of the VPN Dialup Connection. By
>>> default this is not the case,...this is something you would have had to do
>>> on purpose.
>>>
>>> Another thing to keep in mind is the false sense of security you may be
>>> feeling from the firewall. Typically the firewall has no effect on viruses,
>>> worms, trojans, spyware/adware and those are actually the worst threats you
>>> face. The primary defence from those is not the firewall but is the AV
>>> software and the level of the Security settings in the User's browser. So
>>> you may be all worried about something that isn't even protecting you from
>>> what you fear in the first place.
>>>
>>> The primary role of the firewall is to prevent other users from connecting
>>> to running services on your machine,...primarily that would be File & Print
>>> Sharing, but there are others.
>>>
>>> --
>>>
>>> Phillip Windell [MCP, MVP, CCNA]
>>> www.wandtv.com
>>>
>>>> I could configure the firewall to be on all the time, but doesn't that
>>>> make management difficult? I don't want to set up firewall exceptions for
>>>> managing the laptop while it's on the domain, because those same exceptions
>>>> will apply while the laptop is connected to the VPN. I'm not completely
>>>> sure what the risks are.
>>>> I've been using Nmap to test the firewall with TCP, UDP, and TCP SYN
>>>> stealth port scans. But, to be honest, I'm not even sure if that's the best
>>>> way to test. However, I do get scan results that are consistent with the
>>>> firewall being on or off.
>>>> I've entered a cornucopia of frustration, and am looking for pointers,
>>>> suggestions, or facts backed by people with experience in this type of
>>>> setup. Any help would be greatly appreciated.
>>>>
>>>> Thank you,
>>>> Jerry
>>>>
>>>>
>>>
>>>
>>
>
>
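
Added example, not part of the original thread or written by any of its participants: a PowerShell audit that flags Windows VPN phonebook entries where "Use default gateway on remote network" has been cleared, which is the split-tunneling case discussed above. It covers only the built-in Windows VPN connections stored in `rasphone.pbk`, not third-party clients such as the Cisco VPN client; the function name `Find-SplitTunnelEntry` and the sample entries are assumptions made for illustration.

```powershell
# Added example: flag Windows RAS phonebook entries that permit split tunneling.
# In rasphone.pbk each connection is an INI-style [section];
#   IpPrioritizeRemote=1 -> "Use default gateway on remote network" is checked
#   IpPrioritizeRemote=0 -> unchecked, i.e. split tunneling is enabled

function Find-SplitTunnelEntry {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][AllowEmptyString()]
        [string[]]$Lines,
        [string]$Source = 'constructed sample'
    )
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            $entry = $Matches[1]          # start of a new connection entry
        }
        elseif ($entry -and $line -match '^IpPrioritizeRemote=0\s*$') {
            [pscustomobject]@{ Phonebook = $Source; Entry = $entry }
        }
    }
}

# Constructed sample phonebook (not from the thread); real entries carry many more keys.
$sample = @'
[Head Office VPN]
IpPrioritizeRemote=1

[Branch VPN]
IpPrioritizeRemote=0
'@ -split "`r?`n"

Find-SplitTunnelEntry -Lines $sample

# Per-machine and per-user phonebooks on the laptop being audited.
$phonebooks = @(
    "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk",
    "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
)
foreach ($pbk in $phonebooks) {
    if (Test-Path -LiteralPath $pbk) {
        Find-SplitTunnelEntry -Lines @(Get-Content -LiteralPath $pbk) -Source $pbk
    }
}
```

The per-user phonebook is writable by the user, so this detects the setting after the fact and does not stop a user from changing it again.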