[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

To RAS or not to RAS that is the question.

I have a multiple physcian office that I have inherited from a friend.  I was not there for the initial configuration of the network.  The network consists of a single 2003 Server box with 15 XP Pro clients.  The server is an application server running an EMR application for the office staff.  I was brought in due to a virus issue on the server which came from the Docs remotely accessing the Server, using MS Remote Desktop, and using it as a RAS.  The virus was first found on the server in a folder that belongs to one of the docs.  Needless to say this virus brought down the server and caused a complete work stoppage.  I have told the docs that I think that they should go with a RAS seperate from the application server and they are willing to spend the money for this box.  I would appreciate any information from anyone who has dealt with either a combined application and remote access box or two seperate boxes.  I have my own ideas about what should be done, seperate RA and application servers,  but I would appreciate any other information so I can do what would be best for the docs and their practice.

Thank you very much.
0
thomaszero
Asked:
thomaszero
1 Solution
 
Rob WilliamsCommented:
Though VPN's and RRAS create a very secure tunnel, the main risk is there is little protection from whatever lurks at the other end of the tunnel. Though a separate RRAS server would give you a little more separation, it is quite an expense if it is just for that purpose. A VPN hardware router would be far less expensive, even a Cisco, offer the same degree of separation, and far better security, and manageability. However, that tunnel is still pretty much wide open. One method of securing the tunnel to some degree is by not allowing split-tunneling. This blocks the connecting computer from its local network while connected to the VPN. At least with this, that one computer is the only risk. The problem with RRAS is the connecting client can easily override this without your knowing. With a Cisco router they cannot.
An even better security measure would be to use Microsoft's ISA server. It could be added to your existing RRAS server and immensely improve security. It, as well as Longhorn, can quarantine connecting users until it has been verified they have current virus protection and Windows updates.
A few options to look at and my humble" opinions.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now