Re: Another RWW versus VPN question

John wrote:
Setup

SBS2003 SP1 Standard
Dual NIC
SonicWall TZ150 with IPS, Antispyware and Antivirus services running

Ports 25,443,444,1723 and 4125 open


I have a client that recently had a programmer from a large security based company come by and demo the Access database he is working on for them.

During the meeting (which I was not at) he tells the employee that hired him and the owner of the company that the current system is not very secure and that he would never trust Microsoft to be responsible for the security of remote access. His solution is a PIX firewall and VPN access.

My client has asked me to put in writing the differences between his solution and our current solution.

I have been researching on the web and newsgroups but haven't found anything that gives me any concrete info on RWW versus VPN besides RWW not allowing full access to the network like VPN. i.e viruses infecting the network from the remote client


Is a VPN tunnel more secure that SSL? 128 bit versus 256?

Is having the SBS box perform the authentication for access inherently less secure than having a hardware device authenticate?

Does anyone know if my setup is compliant?



They deal in financial information and the Sarbans Oxley Act keeps getting brought up

Sorry for all the questions but this is technically beyond my experience.



You've had a lot of useful advice. I picked up on the magic word
'Access'. A wonderful program, I've used it extensively for over
ten years, but...

If you're using it as a front end to SQL Server or similar, there's
probably no problem. If used client-server to an Access backend,
it often gets very unhappy if the link breaks. Mostly, you just
kill the client process, but sometimes you don't have a backend
database any more.

So if it is working Access-Access, I'd strongly advise using it
over RWW rather than VPN. A LAN can break, but that will happen
a lot less often than a VPN going down.

You also imply data safety is an issue (as if it ever isn't).
Access operated client-server will pull complete tables across
the network to the client, which is s-l-o-w over VPN. RWW not
only speeds this up tremendously, but the data never leaves the
LAN. As stated elsewhere, you can secure a LAN much more easily
than random laptops and home desktops.
.

Relevant Pages

  • Re: SBS VPN setup?
    ... All I can say is my clients love RWW ... can't be used as a terminal server in application mode so you can't have ... to have my client go this route for now, and maybe another solution later, ... quite easy to setup and most of the time there is no need for VPN at all. ...
    (microsoft.public.windows.server.sbs)
  • Re: PCanywhere and ISA 2000
    ... - The RWW is only a special implementation of the Advanced TS client. ... A VPN typically will be only ... If 128-bit encryption using an algorithm ...
    (microsoft.public.windows.server.sbs)
  • Re: Another RWW versus VPN question
    ... A Pix does not ...by itself make you more secure. ... VPN "can" make you more insecure. ... I have a client that recently had a programmer from a large security based ...
    (microsoft.public.windows.server.sbs)
  • [NEWS] Cisco VPN 5000 Client Multiple Vulnerabilities
    ... Multiple vulnerabilities exist in the Cisco Virtual Private Network (VPN) ... 5000 Client software. ... These vulnerabilities are documented as Cisco bug ID ... CSCdx17109 - MAC OS VPN 5000 Client password vulnerability ...
    (Securiteam)
  • Re: VPN clients unable to connect to other resources.
    ... gateway matches the IP of the remote client, and DNS and WINS point to the ... remote (although it takes close to a minute to connect, ... This is just regular Windows VPN, ... VPN server, remote routing and access running on the SBS 2003 server ...
    (microsoft.public.windows.server.sbs)
Loading