Re: VPN
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Tue, 17 Jan 2006 23:23:38 +1100
try acessing an ACT! database over VPN, the user will _most likely_ corrupt
the database due to slow transfer times.
and yes, I recognise that you are an 'advanced' user, able to implement
restricted VPN in the manner you describe, but the great majority of (even
advanced) firewalls I've seen allow fully unrestricted access to the LAN.
You and I can recognise this, Joe Bloggs doesn't even see the problem.
RWW is better for Joe's needs.
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:vd5zf.16366$tK4.2851@xxxxxxxxxxxxxxxxxxxxxxxxx
> In article <eriVt51GGHA.608@xxxxxxxxxxxxxxxxxxxx>, not@xxxxxxxxxxx
> says...
>> How does this negate the need for VPN?
>> Allowed users can establish a secure HTTPS connection to the server, then
>> take control of their XP workstation in the office through a process
>> known
>> as RDP Proxy, 'Connect to My Computer at Work'. If you have a Terminal
>> Server on the network, and the user is correctly permissioned, you can
>> also
>> 'Connect to my Company's Application Server'. Many tasks which are slow
>> or
>> unreliable over VPN (accessing a large database comes to mind) work quite
>> well over RDP Proxy, due to the fact that only screen updates move across
>> the 'external' connection, access to the database happens at local
>> network
>> speed.
>
> But at the same time, if you have a firewall you don't have to expose
> your server in order to get authenticated with the VPN tunnel and you
> can then limit the exposure through firewall rules.
>
> I don't like exposing a SBS box to the internet at any time without a
> real firewall installed.
>
> I always setup a real firewall appliance, setup a user/password that is
> not the same as the domain user/password, and then limit the users via
> firewall rules to what they can connect too.
>
> In this manner I don't expose ANY server ports inbound (except SMTP, and
> that's proxied through the firewall and filtered) which means when they
> come up with another list of Windows exploits, that I don't have to
> worry about them. This also means that the users VPN into the appliance
> and then can access the same functions (remote desktop to their computer
> or terminal server) just like you would by exposing the server to the
> world.
>
> Everyone raves about RWW, but I don't see the benefit - you still need a
> Desktop or Terminal Server in the office for the users to connect too,
> so you don't gain anything doing RWW, but you expose your server to more
> threats.
>
> --
>
> spam999free@xxxxxxxxxx
> remove 999 in order to email me
.
- References:
- Prev by Date: Re: Drive imaging help...
- Next by Date: POP3 Mail Account in Outlook
- Previous by thread: Re: VPN
- Next by thread: Re: VPN
- Index(es):
Relevant Pages
|
