Re: Security: VPN or RWW



In article <eEpEvHLpIHA.2292@xxxxxxxxxxxxxxxxxxxx>, joe@xxxxxxxxxxxxxx
says...
Again, it's a matter of ethos. Simply drop SMB/CIFS, and people will
just email files back and forth, though at least that doesn't open
security holes in the network, and pretty much everyone checks email for
malware. Drop the built-in VPN, and people will use even less secure
third-party stuff. The way of working needs to move on.

We've actually moved to where we provide a firewall web authentication
and that opens TCP 3389 while they are authenticated, for their session
only, and they then use any computer to remote-desktop into one of the
terminal servers. Special users (in different groups) are routed by the
firewall rules to their specific workstations (since they often have
specific software not on the T/S machines), and nothing leaves the
office itself - no drive/com/prt mapping is permitted and the company
does not permit web/pop/imap mail connections out of the building. We
set up all companies like this.

This means that remote users can either use their own PC or a cheap,
very cheap laptop and a Verizon BB card from anywhere in the world, and
we don't install any software (except AV) on the laptops, lock them down
completely, and provide 2 icons on them: firewall address and remote
desktop address.

If a remote user's laptop is lost/stolen there is no local data on it,
it's almost a throw-away any more.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)