To RAS or not to RAS that is the question.

Posted on 2007-07-22
Last Modified: 2013-11-21
I have a multiple-physician office that I have inherited from a friend.  I was not there for the initial configuration of the network.  The network consists of a single 2003 Server box with 15 XP Pro clients.  The server is an application server running an EMR application for the office staff.  I was brought in due to a virus issue on the server which came from the docs remotely accessing the server, using MS Remote Desktop, and using it as a RAS.  The virus was first found on the server in a folder that belongs to one of the docs.  Needless to say, this virus brought down the server and caused a complete work stoppage.  I have told the docs that I think that they should go with a RAS separate from the application server, and they are willing to spend the money for this box.  I would appreciate any information from anyone who has dealt with either a combined application and remote access box or two separate boxes.  I have my own ideas about what should be done, separate RA and application servers, but I would appreciate any other information so I can do what would be best for the docs and their practice.

Thank you very much.
Question by:thomaszero

    Accepted Solution

    Though VPNs and RRAS create a very secure tunnel, the main risk is there is little protection from whatever lurks at the other end of the tunnel. Though a separate RRAS server would give you a little more separation, it is quite an expense if it is just for that purpose. A VPN hardware router, even a Cisco, would be far less expensive and offer the same degree of separation, and far better security and manageability. However, that tunnel is still pretty much wide open. One method of securing the tunnel to some degree is by not allowing split-tunneling. This blocks the connecting computer from its local network while connected to the VPN. At least with this, that one computer is the only risk. The problem with RRAS is the connecting client can easily override this without your knowing. With a Cisco router they cannot.
    An even better security measure would be to use Microsoft's ISA server. It could be added to your existing RRAS server and immensely improve security. It, as well as Longhorn, can quarantine connecting users until it has been verified they have current virus protection and Windows updates.
    A few options to look at and my "humble" opinions.
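
The split-tunneling point in the accepted answer, as an added example that is not part of the original answer: a small audit of a Windows VPN client's phonebook file (`rasphone.pbk`) that reports, per connection entry, whether all traffic is forced through the tunnel. It assumes the client-side setting "Use default gateway on remote network" is stored as `IpPrioritizeRemote` (1 = on, 0 = off, i.e. split tunnel); the phonebook text and entry names below are constructed sample data.

```python
import configparser

# Constructed sample of a client phonebook (rasphone.pbk); not from a real host.
SAMPLE_PBK = """\
[Clinic VPN]
IpPrioritizeRemote=1
IpDnsFlags=0

MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (PPTP)

DEVICE=vpn
PhoneNumber=vpn.example.invalid

[Clinic VPN - edited]
IpPrioritizeRemote=0

MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (PPTP)

DEVICE=vpn
PhoneNumber=vpn.example.invalid
"""

# Assumption: 1 = "Use default gateway on remote network" is ticked.
STATUS = {"1": "full-tunnel", "0": "split-tunnel"}


def audit_phonebook(text):
    """Map each phonebook entry to full-tunnel, split-tunnel or unknown."""
    # strict=False: entries repeat keys (Device/DEVICE); the last value wins.
    # interpolation=None: treat '%' in values as plain text.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)
    report = {}
    for entry in parser.sections():
        value = parser.get(entry, "IpPrioritizeRemote", fallback="").strip()
        # A missing or unexpected value is reported, never assumed safe.
        report[entry] = STATUS.get(value, "unknown")
    return report


if __name__ == "__main__":
    for name, status in audit_phonebook(SAMPLE_PBK).items():
        print(f"{name}: {status}")
```

Because the user can edit this file at any time, a result of `full-tunnel` only describes the client at the moment of the check; it does not replace enforcement at the VPN gateway.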
