

Security for remote branches with VPN

Posted on 2012-08-29
Medium Priority
Last Modified: 2012-08-29

I have been given a project on connecting our remote branches to the main branch.  Other than VPN connectivity, what other steps should I consider to make the main branch bulletproof?  The main branch has the corporate antivirus, etc., but I am not so sure if the remote branches are that 'clean'.  My concern is basically what steps I can take to ensure that problems (virus, malware, etc.) from the remote branch can be stopped or detected before they transfer over to the main branch via VPN, and how to secure access on the main branch network to ensure that users from other branches only have access to certain servers?  If possible at all.

Question by: Wayne88

Accepted Solution

xDUCKx earned 200 total points
ID: 38345892
Ideally, you'd want to configure the AV server in your head office to control virus updates and reporting for any viruses on the machines on the other site.  There are multiple ways to do this, including installing a secondary AV server at the remote site and having it transfer the information rather than the packages across the WAN.  Depends on what AV software you're using.

Close tcp port 25 outgoing for anything that isn't a mail server.  That is a big one.  

Access to servers can be controlled via group policy or by local permissions (don't allow Domain Users to log into Remote Desktop or access file shares for example).

You'd most likely want to set up a secondary DC at the remote location to make sure that all login traffic isn't going over your WAN.  This can be slow and annoying for the users in the remote office (not to mention if the link goes down they're dead in the water).

Ideally, you'd want to bring the PCs at the remote office under your umbrella so you can manage them.  Right now it sounds like they're just "out there" and not being centrally managed.  You'd want to get them on the Domain, apply some firewall rules to make sure they can't access things they shouldn't and bring them into your existing Antivirus solution.
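
An added example, not part of the answer above: a Python check that reads firewall flow logs and flags permitted traffic breaking the two network rules the answer gives (tcp/25 outbound only from mail servers, branch users reaching only listed servers). The subnets, server addresses, allowed ports and the log line format (`timestamp src dst proto port action`) are all assumptions constructed for the example.

```python
import ipaddress as ip
# Every address, port and log line here is constructed for illustration.
BRANCH_NET = ip.ip_network("10.20.0.0/16")        # remote branch LAN
HQ_NET = ip.ip_network("10.10.0.0/16")            # main branch LAN
MAIL_SERVERS = {ip.ip_address("10.10.1.25")}      # only hosts allowed out on tcp/25
# (server, protocol, port) that branch users may reach across the VPN
BRANCH_ALLOWED = {
    (ip.ip_address("10.10.1.10"), "tcp", 445),    # file server
    (ip.ip_address("10.10.1.5"), "tcp", 389),     # domain controller, LDAP
    (ip.ip_address("10.10.1.5"), "udp", 53),      # domain controller, DNS
}
SAMPLE_LOG = """\
2012-08-29T09:00:01 10.20.3.14 10.10.1.10 tcp 445 allow
2012-08-29T09:00:07 10.20.3.14 10.10.1.77 tcp 3389 allow
2012-08-29T09:01:12 10.20.5.9 198.51.100.7 tcp 25 allow
2012-08-29T09:01:30 10.10.1.25 198.51.100.7 tcp 25 allow
2012-08-29T09:02:00 10.20.5.9 10.10.1.5 udp 53 allow
2012-08-29T09:02:44 10.10.4.40 203.0.113.9 tcp 25 deny
malformed line
"""

def parse(line):
    """Return (src, dst, proto, port, action), or None if the line is unparsable."""
    parts = line.split()
    try:
        _, src, dst, proto, port, action = parts
        return ip.ip_address(src), ip.ip_address(dst), proto.lower(), int(port), action.lower()
    except ValueError:
        return None

def audit(log_text):
    """Flag permitted flows that break either rule from the answer."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse(line)
        if rec is None:
            findings.append((n, "unparsed"))   # never silently drop log lines
            continue
        src, dst, proto, port, action = rec
        if action != "allow":
            continue                           # firewall already blocked it
        if proto == "tcp" and port == 25 and src not in MAIL_SERVERS:
            findings.append((n, "smtp-from-non-mail-host"))
        elif src in BRANCH_NET and dst in HQ_NET and (dst, proto, port) not in BRANCH_ALLOWED:
            findings.append((n, "branch-to-unlisted-server"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

Each finding is a pair of log line number and reason, so a permitted flow that shows up here points at a firewall rule that is wider than the intended policy.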

Author Closing Comment

ID: 38345955
Thanks for your help and that helps.
