Re: Security question re- VPN clients on wireless networks

From: "Michael Jenkin [SBS-MVP]" <michael.jenkin@xxxxxxxx>
Date: Wed, 12 Dec 2007 07:49:50 +1000

Hello,

Vpn's are only as secure as the remote site. If the remote site has a
trojan/virus etc it could get to the server via the VPN.

This is why you put firewalls, antivirus and everything other type of
security you can on the remote end (even privatly owned machines) and
then also make sure it is all up to date on the workstations and the
server.

Once the tunnel is up, if someone can or has comprimised the PC at the
remote end, you are in trouble.

Following this thought then I would do everything you can to protect the
Wireless access point from unauthorised access or sniffing.

I would use WPA, Mac address lockdowns and even though it is minimal
ecurity, hide the SSID. People can still find the SSID and can clone mac
addresses, they can even evetually get Wep keys (WPA is lots more secure
than WEP) but by doing these things you make yourself an unattractive
target and hopefully the unseriable will move on and you are safe.

BTW, if you have SBS 2003, the RWW service is sealed with certificates,
RDP uses encryption and as long as you unselect to map the local drives,
is fairly safe and a little faster than running it though a VPN. You
could RWW direct to the Terminal server.

Thanks

CTK wrote:

This is in regard to an SBS 2003 network that has several users who remote
to the Terminal Server through a VPN (PPTP).

The question is: If the users have a wireless network at home, is the VPN
sufficient to secure their communications, or do they need to implement WPA
(for example) in order to further protect the data being transmitted.

Please feel free to answer succintly, or to expound a bit, if you like.

thanks in advance for your information / opinions on this!

-Charlie Kopp
-mpi computer services
-Seattle

--
Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer
Visit http://www.mickyj.com
.

Follow-Ups:
- Re: Security question re- VPN clients on wireless networks
  - From: Owen Williams [SBS MVP]

References:
- Security question re- VPN clients on wireless networks
  - From: CTK

Prev by Date: Re: Wireless Network Issue - SBS2K3 - Configuration and / or Topol
Next by Date: Re: Emailing outside Domain question...
Previous by thread: Security question re- VPN clients on wireless networks
Next by thread: Re: Security question re- VPN clients on wireless networks
Index(es):
- Date
- Thread

Relevant Pages

Exchange 2003, Outlook 2003, VPN Connection Issues
... I've seen a lot of posts regarding Outlook through VPN, ... I have one Exchange 2003 SP3 server in a main office. ... T1's at the main office and 1 T1 at the remote site. ...
(microsoft.public.exchange.admin)
Re: Connecting Remote Sites via VPN
... group as they can be very helpful with VPN issues. ... these up between ISA Server which creates all the rules and RRAS ... >>If you are using a hardware vpn at the remote site I ... >>good results with Netopia routers. ...
(microsoft.public.backoffice.smallbiz2000)
RE: [fw-wiz] Issues opeing firewall for SSH/SecureFTP?
... The May 2004 issue of sysadmin mag had an article on "secure file transfer ... >> served by a VPN directly to that server with a stack ...
(Firewall-Wizards)
Re: VPN to Windows 2003 server
... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... > VPN tunnel from the remote site to the SOHO box using ... > ping the server sucessfully. ... > I bring up network neighborhood and when I click on the ...
(microsoft.public.windows.server.networking)
Re: SBS2003 reinstall?
... Any ideas on the ping but no file share over the vpn? ... Your TempDC server can be just about anything, ... I have a number of issues with an SBS2003 install with a remote site. ... I can ping devices across the vpn eg the server but cannot get any ...
(microsoft.public.windows.server.sbs)