Re: router - firewall



For $200, you can build a decent machine and run Smoothwall. Mine is a
533 MHz w/ 256 MB RAM.
http://www.smoothwall.org/
Use the 2.0, since 3.0 is still Alpha...many people make the mistake of
getting 3.0 and find out it's buggy.

I have it in front of our Exchange server. I also have many 'mods' from
the 'homebrew' section of the support forums. Adzap, VPN, OpenSwan,
Squid, Shields Up, LaBrea tarpit/honeypot, Guardian, etc.
The only issue I've had with it is UPS, but I haven't taken the time to
fix it; and I had Guardian extra touchy and it was blocking our DNS servers.

Leythos wrote:
> In article <11trh1tqnhoem0a@xxxxxxxxxxxxxxxxxx>, bzyfon@xxxxxxxxxxxxxx
> says...
>
>>hmm.... I'm not an IT guru at all :)
>>but isn't VPN the best way to access
>>company server working for example at home
>
>
> Several things:
>
> Firewall Appliances, you won't find quality units with any reasonable
> set of features for under $1000 US, and most of the good ones will run
> about $2000 for a full set of features like HTTP Proxy and SMTP Proxy
> services that can filter content (things you don't want) out of those
> sessions to provide a great level of protection.
>
> VPN, any VPN you set up for file sharing will be slow, not because it's a
> VPN, but because most users will have slow internet connections when
> compared to their normal office LAN connection. What we see is people
> that browse the network shares, click on a 200 meg file, then click 6
> more times since it didn't open instantly, then wonder why their machine
> is just sitting there - it's because it can take several minutes to
> actually open a 200 meg file over a DSL/Cable connection.
>
> Users that have dedicated workstations at the office - you can do remote
> connections several ways:
>
> 1) User VPNs into firewall appliance and then RDs into their work
> computer - firewall limits access to just their dedicated workstation.
>
> 2) User RWWs into company and does the same
>
> 3) User accesses workstation via RD or VNC and the firewall limits
> connections to users by IP address ranges.
>
> 4) Set up a dedicated Terminal Server box and then use method #1 except
> the connection is to the Terminal Server, not their desktop computer.
>
> There are other methods, but not as pretty.
>
> We set up most offices with a VPN into a firewall appliance, then limit
> them to their workstation or the terminal server and to specific ports
> needed to reach those, which means that a home user's compromised
> computer (viruses) can't spread to the office computer (since we don't
> allow all ports via VPN and we don't allow mapping of drives in a RD
> session).
>
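The restriction described in the quoted post (VPN users limited to their own workstation or the terminal server, on specific ports only), as an added example that is not part of either post: a script that prints, without applying, iptables FORWARD rules built from a per-user allow-list. The interface name ipsec0, every address, and the use of TCP 3389 for Remote Desktop are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print (never apply) iptables FORWARD rules for VPN clients.
# Assumed/constructed: interface name, all addresses, the allow-list itself.
VPN_IF="${VPN_IF:-ipsec0}"

is_ipv4() {  # dotted quad, every octet 0-255
    echo "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        exit 0
    }
    { exit 1 }'
}

is_port() {  # decimal TCP port 1-65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

sample_policy() {  # constructed: VPN client IP, office host IP, TCP port
    cat <<'EOF'
# alice -> her own workstation, Remote Desktop only
10.8.0.10 192.168.1.50 3389
# bob -> the terminal server, Remote Desktop only
10.8.0.11 192.168.1.20 3389
EOF
}

gen_vpn_rules() {  # stdin: allow-list lines; stdout: rules, or nothing on error
    # Later packets of sessions that an earlier NEW rule already admitted.
    rules="iptables -A FORWARD -i $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r client host port rest; do
        case "$client" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! is_ipv4 "$client" || ! is_ipv4 "$host" ||
           ! is_port "$port"; then
            # Fail closed: a bad entry yields no rule set at all.
            echo "malformed entry: $client $host $port $rest" >&2
            return 1
        fi
        rules="$rules
iptables -A FORWARD -i $VPN_IF -s $client -d $host -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Anything else arriving from the VPN (file shares, other hosts) is dropped.
    printf '%s\n' "$rules" "iptables -A FORWARD -i $VPN_IF -j DROP"
}

sample_policy | gen_vpn_rules
```

Because only the listed host and port pairs are accepted, traffic such as SMB from an infected home machine falls through to the final DROP rule.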
