Re: Small business thinking about backing up data, having a server and 2-3 users - is SBS2003 right for them?




If it were me, I'd just set up a workgroup and an inexpensive firewall
with VPN built in.
2 XP Home, can they even connect to the network?
I'd use the email provided by the internet provider.
For backups, if it's a small amount of data, I'd even go R/W CD-ROM.
I had a friend who owns a small garage; they called up a company that
wanted to do something similar and they balked at the price tag.
We took a computer that was not being used, loaded XP on it and created a
share.
Then added all 3 computers to the same workgroup and mapped the share
on each computer.
Then they just back up to rewritable CDs, rotating weekly.

I guess it depends on the budget.

Regards,
Frank









Leythos wrote:
In article <O9XH3RbYGHA.1196@xxxxxxxxxxxxxxxxxxxx>, "Frank McCallister
SBS MVP" <anonymous> says...
http://www.securityfocus.com/archive/105/427367

Here is what is being suggested:

So apply two factor authentication to auth against the inbound
connection before prompted for the RWW login session. That's exactly
what we do.

We use Cryptocard tokens against a Sonicwall TZ170 in front of the SBS
machine. The firewall communicates with the authentication server on the
SBS box via RADIUS, authorizing RWW, Sharepoint and TS/RDP only after
authing the incoming user. Even if the incoming machine had hostile code
capturing the credentials it is USELESS to them in a follow up session
since the OTP (one time password) is dead. They can't even touch the
Active Directory as the firewall won't let them in.

So, they use a card against the firewall, to auth the firewall, then a
RADIUS connection between the firewall and the domain.

So, this has little to do with RWW, it's more about the firewall and
the crypto card.

So, RWW, as suggested, without a firewall appliance outside the domain,
to auth the first layer, is not any more secure than I suggested.

We do the same, auth the user against the firewall, using a firewall
created user/password, nothing close to their domain user/password, then
and only if they complete the auth with the firewall, they get another
chance to use PORT 3389 to attempt a RD connection to a specific machine
and only a specific machine, which is also limited in user scope to 1
user (in some cases we might allow 2 users in the case of an on-call
group).

Again, it's two layers of security in the site's posts and in mine,
that's what makes it a double auth system and more secure than exposing
RWW directly.

--

spam999free@xxxxxxxxxx
remove 999 in order to email me
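
The single-use property described in the quoted message (a captured OTP is dead in a follow-up session, and a successful firewall auth only opens port 3389 to one specific machine), sketched as an added example that is not part of the original thread. HOTP (RFC 4226) stands in for the CryptoCard token algorithm, which the thread does not describe; `PerimeterGate`, the user name, and the addresses are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter step (stand-in token algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class PerimeterGate:
    """Layer 1: OTP check at the firewall. Layer 2 (the domain logon over
    RDP) is reachable only through a pinhole that this gate opens."""

    def __init__(self, tokens, rdp_rules, window=3):
        self.tokens = tokens        # fw_user -> [secret, next_counter]
        self.rdp_rules = rdp_rules  # fw_user -> the one host they may reach
        self.window = window        # look-ahead for skipped token presses
        self.pinholes = set()       # (source_ip, host, port) currently open

    def authenticate(self, fw_user, otp, source_ip):
        entry = self.tokens.get(fw_user)
        if entry is None or fw_user not in self.rdp_rules:
            return False
        secret, counter = entry
        for c in range(counter, counter + self.window):
            if hmac.compare_digest(hotp(secret, c), otp):
                entry[1] = c + 1    # burn this code and every earlier one
                self.pinholes.add((source_ip, self.rdp_rules[fw_user], 3389))
                return True
        return False

    def allows(self, source_ip, host, port):
        return (source_ip, host, port) in self.pinholes

# Constructed sample data: RFC 4226 test secret, documentation IP ranges.
SECRET = b"12345678901234567890"

def demo():
    gate = PerimeterGate({"fw-alice": [SECRET, 0]}, {"fw-alice": "10.0.0.21"})
    captured = hotp(SECRET, 0)      # the value a keylogger would record
    first = gate.authenticate("fw-alice", captured, "203.0.113.7")
    replay = gate.authenticate("fw-alice", captured, "198.51.100.9")
    return {
        "first": first,
        "replay": replay,
        "pinned_host": gate.allows("203.0.113.7", "10.0.0.21", 3389),
        "other_host": gate.allows("203.0.113.7", "10.0.0.2", 3389),
        "replay_source": gate.allows("198.51.100.9", "10.0.0.21", 3389),
    }
```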
