Re: Remote access and security
From: Merv Porter [SBS-MVP] (mwport_at_no_spam_hotmail.com)
Date: 01/18/05
- In reply to: Neil Jordan: "Remote access and security"
Date: Tue, 18 Jan 2005 08:20:59 -0500
ISA is an "industrial strength" (ICSA certified) firewall and in conjunction
with your Speedtouch running NAT, this combination should provide a good
level of security from external intrusion. IMO, the bigger problem comes
from inside your LAN (malware hiding in email, etc.). Good antivirus
software both at the file server level and for Exchange can go a long way
here. Only open those inbound ports on the router that are absolutely
necessary.
Another problem is that you probably won't have much control over the
machines at the remote users' end (virus protection updates, security
updates, etc.). If you use VPN, RDC or RWW connections where the hard
drives of the remote and local machines are allowed to be connected for
file transfer, trojans and other malware may penetrate your LAN. As long as
the remote users have access to Win XP Pro machines on the LAN, a better
approach may be to not allow VPN and only allow RWW or RDC sessions without
file transfer (there are some reg edits that will allow you to remove the
"connect disks" line item from the RWW Options menu). Since RWW and RDC
sessions are an implementation of Terminal Services, by default they only
send screen shots between computers. All processing is then done on the
local LAN computers and saved to the server for daily backup. As with most
remote connections, this most often requires a broadband connection at
both the server and the remote user.
Mail can be accessed using RWW, RWW with OWA, or a straight OWA session.
These methods, when set up properly, are secure.
Of course, bringing work in from home (on removable media such as floppies,
CDs, USB flash drives, etc.) should also be scrutinized.
It's all about productivity, risk assessment and control.
--
Merv Porter [SBS MVP]
===================================
"Neil Jordan" <neilj@magiglo.co.uk> wrote in message
news:O1lHQRU$EHA.3180@TK2MSFTNGP10.phx.gbl...
> I am contemplating enabling our external users the ability to use our
> SBS2003 server externally for emails, file access etc, but I have to get
> over the problem of security.
>
> I will shortly have a fixed IP address setup by my ISP, connecting via ADSL
> into a SpeedTouch 510 to my SBS2003 with ISA server setup (using 2 network
> cards).
>
> Can anyone offer any advice as to whether I need a separate Firewall device,
> or anything else to ensure - my Directors are VERY nervous about security!
>
> Thanks
>
> Neil
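The reply above recommends RDC/RWW sessions without file transfer. As an added example (not part of the original post, and not the RWW menu reg edits it mentions, which the post does not specify), this PowerShell script audits the Terminal Services drive-redirection setting on the LAN machine that accepts the session and can enforce it with `-Enforce`. It assumes the standard `fDisableCdm` value, an elevated session, and a host with PowerShell available.

```powershell
# Added example: audit (and optionally enforce) "do not allow drive redirection"
# on a machine that accepts RDC/RWW sessions. Save as a .ps1 and run elevated.
param([switch]$Enforce)

$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$valueName   = 'fDisableCdm'   # 1 = client drive mapping disabled, 0 = allowed

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$policy   = Get-RegDword -Path $policyKey   -Name $valueName
$listener = Get-RegDword -Path $listenerKey -Name $valueName

# A configured policy value takes precedence over the per-listener setting.
if     ($null -ne $policy)   { $effective = $policy;   $source = 'policy' }
elseif ($null -ne $listener) { $effective = $listener; $source = 'RDP-Tcp listener' }
else                         { $effective = 0;         $source = 'not set (redirection allowed)' }

if ($effective -eq 1) {
    Write-Output "OK: client drive redirection is disabled (source: $source)."
} else {
    Write-Output "WARNING: remote users can map their local drives (source: $source)."
}

if ($Enforce -and $policy -ne 1) {
    # Write the policy value so the listener setting cannot re-enable redirection.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name $valueName -Value 1 `
        -PropertyType DWord -Force | Out-Null
    Write-Output "Policy value $valueName set to 1; applies to new sessions."
}
```

On domain-joined machines the same setting is better delivered through Group Policy, since a locally written policy value can be overwritten at the next policy refresh.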