Re: RDP, RWW and VPN difference
- From: "Charlie Russel - MVP" <charlie@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 15 Aug 2006 17:54:20 -0700
And a big feature coming to big server land in Longhorn. Different name,
slightly different implementation, but they hate that we've got the feature
and they don't.
--
Charlie.
http://msmvps.com/xperts64
Les Connor [SBS Community Member - SBS MVP] wrote:
I'll give you this ....
It's great to see a security expert installing SBS, and bringing what he
knows to his implementations and to the community. Good work Leythos.
For the vast majority of the rest of us, a security expert that's more
than smoke and mirrors is hard to find - perhaps even impossible. In that
position, and considering that RWW works 'out of the box', and is
inherently more secure than the 'default' VPN some might fall into - I'd
give kudo's to SBS DEV as well :-).
No matter what we say, Remote Web Workplace is the single most talked
about and valuable feature in SBS, and that's from the end customers
point of view :-).
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:%njEg.53432$vl5.4027@xxxxxxxxxxxxxxxxxxxxxxxxx
In article <OzgxI6CwGHA.4140@xxxxxxxxxxxxxxxxxxxx>,
charlie@xxxxxxxxxxxxxxxxxxxxxxx says...
What Susan said. ;)
Seriously - I've yet to see virtually anyone implement VPN any other way
than the default. And for that implementation, I definitely prefer RWW.
And,
when I add in Dana's two factor authentication, with one-time passwords,
I
like that a whole lot better still.
What is the default?
It really comes down to what you know and what hardware you have
experience with.
Just because you don't have a lot of security experience doesn't mean
you can't learn from those that do.
A cheap D-Link DFL-700 router/firewall (under $300) will act as a PPTP
Server and allow you to create groups/users on it, then allows you to
restrict those VPN sessions to specific ports/IP in the network.
Before SBS and RWW we use to work with VPN's all the time, nothing has
changed in all these years. What we see now are people that don't
experience the real security devices and are using NAT Routers as
firewalls and they've lost all the quality features of firewwalls by
doing so.
I like the idea of a OTP, but, since I've already got a firewall at
EVERY Clinets location, I don't need to add anything to SBS (or any
Windows Server network) to provide two pass authentication.
Oh, and if you are using a real firewall you get other benefits:
Attachment stripping in the inbound SMTP Session, removal of bad headers
from inbound SMTP, removal of some detected bad items from inbound SMTP
sessions, email size limiting, removal of bad things from HTTP Sessions,
removal of download items from HTTP Sessions (by file type), blocking of
Active-X, etc....
I'm not trying to start an argument, but you guys really need to see
that there was an existing and proven method that worked/works as well
or better than RWW (as packaged with SBS) when properly implemented.
--
spam999free@xxxxxxxxxx
remove 999 in order to email me
.
- Follow-Ups:
- Re: RDP, RWW and VPN difference
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: RDP, RWW and VPN difference
- References:
- Re: RDP, RWW and VPN difference
- From: Charlie Russel - MVP
- Re: RDP, RWW and VPN difference
- From: Charlie Russel - MVP
- Re: RDP, RWW and VPN difference
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: RDP, RWW and VPN difference
- Prev by Date: Re: SBS, external firewall, and internal DHCP?
- Next by Date: Re: Unix and SBS - using different IP ranges, but both provide app
- Previous by thread: Re: RDP, RWW and VPN difference
- Next by thread: Re: RDP, RWW and VPN difference
- Index(es):
Relevant Pages
|
