
VPN Remote Access

Hi All,

I want to set up remote access for staff at home to log in and access a program. The problem is that I have been told that by using a VPN on its own, the network will be at the mercy of the users' security updates, service packs, virus definitions and general health of their machine.

I was told that using Terminal Server and purchasing TS CALs for each staff member was the safest way to go.

Can someone please tell me how most people set up remote access to give protection from outside viruses and give best remote access speed?

Please give me some detailed information, because I am confused, and my boss wants to know why he has to pay for a TS CAL for each staff member and a Windows Server CAL for each staff member when he thinks we should just use VPN. Is VPN on its own safe?

Thank you

Asked by: JSCHS

Jay_Jay70 commented:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm

http://www.onecomputerguy.com/networking/xp_vpn.htm

Ports needed are at the bottom.

Or you can install Terminal Services, but it is a lot more expensive.

JSCHS (author) commented:
Sorry, to be more clear, I have already set up a VPN client and have access into the network. The question I am proposing is should I now tell all staff how to get in. The reason I ask this question is if their computer is riddled with viruses etc. then our network will surely be affected.

This is why I am asking for help. How do I protect my network from viruses etc. from users at home?

That's why I suggested Terminal Services, because a user simply logs into the terminal server and uses its virus protection, security etc.

Please help

Jay_Jay70 commented:
If you have a decent AV on your server, it should look after you.

However, if you know the machine is riddled, then no way would I let them in.

SkUllbloCk commented:
Jay_jay70 was right in what he said. The crux of the matter is that if you want remote access, then you are already opening up a door for security issues, but you should already know that, and have weighed up both the pros and cons of having the VPN.

The best and cheapest solution is to set up the VPN with the highest possible security, and only probably use some sort of key distribution (pre-shared key is what we use) with some rather strict rules set up for who has access, what ports, and what media are allowed before the client is granted access to the server. L2TP over IPSec is a very good idea, and try to limit the authentication challenge to one thing (MS-CHAP v2, I recommend).
But then we still come to the problem of viruses coming from the client machine. As Jay_jay said, make sure you have a good corporate AV in place for both the client and home systems.
Make sure the user that logs on from home has limited permissions on the server; use the deny permission rather than the "no permission" strategy for shares and resources that the client doesn't need access to.

Run AV scans and malware scans every day on the server (scheduled) to make sure that you are properly protected.
Make sure you have proper backup policies in place.

Ideally the terminal idea is the safest, but it is indefinitely more expensive.

So here is what I suggest. Find out the cost involved for the terminal solution, weigh it up against the chances of a virus on the client home system, determine the value of your data integrity, and what the downtime cost would be of restoring the server if it is compromised.
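
The VPN settings recommended in the answer above (L2TP tunnel, authentication limited to MS-CHAP v2 only) can be checked on each client before staff are given access; the following is an added example, not part of the original thread. It assumes the built-in Windows VPN client and its `Get-VpnConnection` cmdlet; the function name `Test-VpnProfile`, the encryption-level check and the sample profiles are hypothetical and constructed for illustration.

```powershell
# Added example: audit VPN profiles against the settings recommended in the thread.
# Test-VpnProfile is a hypothetical helper name; it accepts any object shaped like
# the output of Get-VpnConnection (Name, TunnelType, AuthenticationMethod, EncryptionLevel).
function Test-VpnProfile {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VpnProfile
    )
    process {
        $issues = @()

        # The thread recommends L2TP over IPsec.
        if ($VpnProfile.TunnelType -ne 'L2tp') {
            $issues += "tunnel type is $($VpnProfile.TunnelType), expected L2tp"
        }

        # AuthenticationMethod is a list; the thread advises limiting it to one method.
        $auth = @($VpnProfile.AuthenticationMethod)
        if ($auth.Count -ne 1 -or $auth[0] -ne 'MsChapv2') {
            $issues += "authentication methods are '$($auth -join ',')', expected only MsChapv2"
        }

        # Assumption added here: refuse profiles that allow unencrypted fallback.
        if ($VpnProfile.EncryptionLevel -notin 'Required', 'Maximum') {
            $issues += "encryption level is $($VpnProfile.EncryptionLevel)"
        }

        [pscustomobject]@{
            Name      = $VpnProfile.Name
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample profiles so the check runs without a configured VPN.
$samples = @(
    [pscustomobject]@{ Name = 'Office-L2TP'; TunnelType = 'L2tp'
                       AuthenticationMethod = @('MsChapv2'); EncryptionLevel = 'Required' }
    [pscustomobject]@{ Name = 'Old-PPTP'; TunnelType = 'Pptp'
                       AuthenticationMethod = @('Pap', 'Chap', 'MsChapv2'); EncryptionLevel = 'Optional' }
)
$samples | Test-VpnProfile | Format-List

# On a real client, feed the installed profiles instead:
# Get-VpnConnection | Test-VpnProfile
```

This only verifies the tunnel configuration; it says nothing about the patch level or antivirus state of the home machine, which is the risk the thread weighs against Terminal Services.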