[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 161
  • Last Modified:

Windows Network Security


I have some recommendation questions:

- What is your recommended security solution for the following network setup and still easy to manage and primarily to use for people?

* Windows 2003 network, Exchange 2003, WTS2003 with 15 users. Users need to access terminal server to use outlook and ERP system primarily.
We have a firewall with VPN possibilities, but are hesitating to enable VPN on users as the 15 + also 50 users access email and terminal services from home and outside the office. VPN clients are difficult to use and need installation at each home.

? Are there other alternatives, is OWA2003 with SSL secure enough?
? Is the Remote Desktop Web Connection Secure and fast?
? Should we consider other products for portal use, or go back to VPN clients?

What do you recommend?


2 Solutions
ISA Server 2004 is a good candidate, despite being a pain in the &^*% sometimes to understand its weird use of terminology :-D

You can securely publish your OWA.

You can provide the VPN server using your existing user accounts, and your home users don't need any additional client software if they are using Windows 2000/XP/98... they simply create a new dial-up VPN profile in Dial Up Networking.

If you use this the only thing to remember is a default VPN profile silently changes the Default Gateway to the VPN network!

So in the VPN network connection,

Networking>Internet Protocol (TCP/IP)> Properties>Advanced>General

untick "Use default gateway on remote network"

and save!

In terms of ease of management and reporting ISA Server does well and is 'relatively' easy to manage, especially if you don't want a full time job managing the firewall/VPN services!
Rich RumbleSecurity SamuraiCommented:
You can't do better security than a good VPN solution. Remote Desktop/Terminal service are encrypted by default, and I have yet to find anything that can decode even a simple RDP session- but if you add that to a VPN tunnel, your looking much better. Users should be able to carry out simple instructions for setting up the VPN client, espically if there are screen shot's included in the instructions.

? Are there other alternatives, is OWA2003 with SSL secure enough?       99% of the time yes- ssl webmail is typically goning to be good enough.

? Is the Remote Desktop Web Connection Secure and fast?    yes, but should be better

? Should we consider other products for portal use, or go back to VPN clients? VPN Clients. Hand's down.

Those however are not your weakest links. Your weakest links are your users, using their own personal machines, with who know's what installed, and who knows who using them. Do they have Anti-virus, is it scheduled to update and then scan itself every day? Do they have a firewall, do they run a web-server from home with no firewall, no AV? Have they ever been hacked before? How would they know?

I recommend, automated VPN solutions- like Cisco VPN client software
I also recommend forcing everyone to conform to a standard of:
Anti-virus program for everyone using your network (and AV on your network in case a client doesn't have it, or it's malfunctioning)
Firewall software or hardware. ZoneAlarm at a minimum.
Vpn Client installed.
Each PC should be checked by someone with the proper know how at some point-

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now