Solved

VPN Remote Access

Posted on 2006-06-29
Last Modified: 2010-04-18
Hi All,

I want to set up remote access for staff at home to login and access a program. The problem is that I have been told that by using a VPN on its own, the network will be at the mercy of the users' security updates, service packs, virus definitions and general health of their machine.

I was told that using Terminal Server and purchasing TS CALs for each staff member was the safest way to go.

Can someone please tell me how most people set up remote access to give protection from outside viruses and give best remote access speed?

Please give me some detailed information, because I am confused, and my boss wants to know why he has to pay for a TS CAL for each staff member and a Windows Server CAL for each staff member when he thinks we should just use VPN. Is VPN on its own safe?

Thank you
Question by:JSCHS
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 17015616
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm

http://www.onecomputerguy.com/networking/xp_vpn.htm

ports needed are at the bottom


or you can install terminal services but it is a lot more expensive
 

Author Comment

by:JSCHS
ID: 17015651
Sorry, to be more clear, I have already set up a VPN client and have access into the network. The question I am proposing is: should I now tell all staff how to get in? The reason I ask this question is that if their computer is riddled with viruses etc., then our network will surely be affected.

This is why I am asking for help. How do I protect my network from viruses etc. from users at home?

That's why I suggested Terminal Services, because a user simply logs into the terminal server and uses its virus protection, security etc.

Please help
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17015730
If you have a decent AV on your server it should look after you.

However, if you know the machine is riddled then no way would I let them in.
 
LVL 2

Accepted Solution

by:SkUllbloCk
SkUllbloCk earned 250 total points
ID: 17016766
Jay_Jay70 was right in what he said. The crux of the matter is that if you want remote access, then you are already opening up a door for security issues, but you should already know that, and have weighed up both the pros and cons of having the VPN.

The best and cheapest solution is to set up the VPN with the highest possible security, and only probably use some sort of key distribution (pre-shared key is what we use) with some rather strict rules set up for who has access, what ports, and what media are allowed before the client is granted access to the server. L2TP over IPSec is a very good idea, and try to limit the authentication challenge to one thing (MS-CHAP v2, I recommend).
But then we still come to the problem of viruses coming from the client machine. As Jay_Jay said, make sure you have a good corporate AV in place for both the client and home systems.
Make sure the user that logs on from home has limited permissions on the server. Use the deny permission rather than the "no permission" strategy for shares and resources that the client doesn't need access to.

Run AV scans and malware scans every day on the server (scheduled) to make sure that you are properly protected.
Make sure you have proper backup policies in place.

Ideally the terminal idea is the safest, but it is indefinitely more expensive.

So here is what I suggest: find out the cost involved for the terminal solution, weigh it up against the chances of a virus on the client home system, determine the value of your data integrity, and what the downtime cost would be of restoring the server if it is compromised.

Question has a verified solution.