Re: SBS RWW, Exchange and a vpn
- From: "Claus" <cjobes@xxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2008 23:19:14 -0500
I understand your concern but if you have implemented strong passwords, you
are pretty safe.
Which ports do you have forwarded from your firewall?
I personally prefer a 2 NIC setup with ISA. It gives an extra layer of
protection and is included in the premium version. But this is going to
change with the next release - unless MS rethinks that part.
--
Claus
"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:17C33D81-DCEB-4C3C-A869-196654E7922C@xxxxxxxxxxxxxxxx
Thank you for the reply Claus ...
From what i have read, RWW is pretty secure and i do like the ease of
access
it affords the users.
However, My concern is that, in the last couple of weeks, in the report i
receive daily from the server, im showing 600 - 1000 or so failed login
attempts.
This of course means that the the sites address is now on someone's (or
many
someone's) radar, and they may be using a brute force password generator
or
the like to generate the failed logins.
I have of course implemented strong passwords, and have been doing a 3
month
password change policy, but it still worries me.
Hence the thought of a VPN that wont be so exposed, as RWW is.
Do you, or anyone else, have any recommendations to lock down RWW, without
compromising the ease of use or access for the users?
The current set up is a Static IP with a DNS address added to the ARecord.
Single NIC on the server, not using ISA.
There is a Firewall appliance in place, but of course ports are forwarded
for RWW.
I of course immediately traced the offrnding IP's, but they all trace back
to Singapore, Hong Kong and China, and have reported the IP's to the abuse
contacts, but to no apparent avail.
Most likely these are proxies anyway.
Any thoughts or feedback would be appreciated.
"Claus" wrote:
You can certainly have RWW and VPN and decide who can use what. If users
belong only to the RWW group, they will not be able to use the VPN. VPN
access is granted through the membership of the Mobile user group.
Having said that, I believe that in most cases RWW is the better way to
go.
Specifically for "control a workstation" in your last sentence I would
highly recommend RWW.
Installing a VPN client is really easy. You instruct the user to go to
the
RWW site and click on the link to download the Connection Manager.
Everything will be configured for the user, including an icon on his/her
desktop.
--
Claus
"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0B3F0424-D772-44FF-BEC5-4E47BC31150A@xxxxxxxxxxxxxxxx
Hi all,
I currently have an SBS box set up with Remote Web Workplace available
on
the internet via a web address (ARecord) and users can access their
emails
via RWW Web based Outlook in Exchange.
At this point, i would like to implement a VPN connection. But many of
the
users have the ability to log into RWW and Outlook from any computer
(Family's house, home computer, etc.). If i force a VPN connection and
client, they will have to then learn how to install and configure a VPN
client. This isnt an option.
Is there a way for me to continue providing the Outlook feature of RWW
and
still implement a VPN for any other connections? As in, if they want to
remote into the LAN and control a workstation, they must use VPN, but
if
they
just want to get emails via Outlook and RWW, they simply type in an
address
and log in?
Thank you
.
- Follow-Ups:
- Re: SBS RWW, Exchange and a vpn
- From: Ken
- Re: SBS RWW, Exchange and a vpn
- References:
- Re: SBS RWW, Exchange and a vpn
- From: Claus
- Re: SBS RWW, Exchange and a vpn
- From: Ken
- Re: SBS RWW, Exchange and a vpn
- Prev by Date: Re: Next SBS version 64 Bit ony?
- Next by Date: Re: Security Problem?
- Previous by thread: Re: SBS RWW, Exchange and a vpn
- Next by thread: Re: SBS RWW, Exchange and a vpn
- Index(es):
Relevant Pages
|
