Security for remote branches with VPN

Posted on 2012-08-29
Last Modified: 2012-08-29

I have been given a project on connecting our remote branches to the main branch. Other than VPN connectivity, what other steps should I consider to make the main branch bulletproof? The main branch has the corporate antivirus, etc., but I am not so sure the remote branches are that 'clean'. My concern is basically: what steps can I take to ensure that problems (viruses, malware, etc.) from the remote branch can be stopped or detected before they transfer over to the main branch via VPN, and how do I secure access on the main branch network to ensure that users from other branches only have access to certain servers? If that is possible at all.

Question by: Wayne88

    Accepted Solution

Ideally, you'd want to configure the AV server in your head office to control virus updates and reporting for any viruses on the machines on the other site. There are multiple ways to do this, including installing a secondary AV server at the remote site and having it transfer the information rather than the packages across the WAN. Depends on what AV software you're using.

Close TCP port 25 outgoing for anything that isn't a mail server. That is a big one.

Access to servers can be controlled via group policy or by local permissions (don't allow Domain Users to log into Remote Desktop or access file shares, for example).

You'd most likely want to set up a secondary DC at the remote location to make sure that all login traffic isn't going over your WAN. This can be slow and annoying for the users in the remote office (not to mention if the link goes down they're dead in the water).

Ideally, you'd want to bring the PCs at the remote office under your umbrella so you can manage them. Right now it sounds like they're just "out there" and not being centrally managed. You'd want to get them on the Domain, apply some firewall rules to make sure they can't access things they shouldn't, and bring them into your existing antivirus solution.
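The accepted solution recommends two firewall controls: block outbound TCP/25 from everything except the mail server, and restrict branch users to the specific head-office servers they need. The following is an added example (not from the original thread or from any product the answer mentions) of a small first-match ACL evaluator that lets you write that policy down and test it against sample flows offline before pushing it to the VPN router or firewall. All addresses (10.10.0.0/16 for head office, 10.20.0.0/16 for the branch, the server IPs) are constructed for illustration; substitute your own.

```python
"""First-match ACL evaluator for checking a branch-to-HQ firewall policy offline.

Added example: models the rules the answer describes (SMTP only from the mail
server, branch users limited to named servers, default deny). Not vendor code.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # destination port; None matches any port
    comment: str = ""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def rule(action, src, dst, proto="any", dport=None, comment=""):
    """Build a Rule from CIDR strings."""
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, dport, comment)


# Constructed addressing for the example (hypothetical, replace with your own).
HQ_LAN = "10.10.0.0/16"
BRANCH_LAN = "10.20.0.0/16"
HQ_DC = "10.10.1.5/32"          # head-office domain controller
HQ_FILE_SERVER = "10.10.1.10/32"
MAIL_SERVER = "10.10.1.25/32"
ANY = "0.0.0.0/0"

# Ordered policy: first matching rule wins; unmatched traffic is denied.
POLICY = [
    rule("allow", MAIL_SERVER, ANY, "tcp", 25, "only the mail server may send SMTP"),
    rule("deny", ANY, ANY, "tcp", 25, "TCP/25 blocked for everything else"),
    rule("allow", BRANCH_LAN, HQ_FILE_SERVER, "tcp", 445, "branch users: file shares"),
    rule("allow", BRANCH_LAN, HQ_DC, "any", None, "branch: authentication/replication to HQ DC"),
    rule("deny", BRANCH_LAN, HQ_LAN, "any", None, "branch may reach nothing else at HQ"),
]


def matches(r: Rule, f: Flow) -> bool:
    """True if the flow falls inside the rule's source, destination, protocol and port."""
    return (ipaddress.ip_address(f.src) in r.src
            and ipaddress.ip_address(f.dst) in r.dst
            and r.proto in ("any", f.proto)
            and r.dport in (None, f.dport))


def evaluate(policy: List[Rule], f: Flow) -> Tuple[str, Optional[Rule]]:
    """Return (action, matching rule). No match means default deny (rule None)."""
    for r in policy:
        if matches(r, f):
            return r.action, r
    return "deny", None


def audit(policy: List[Rule], flows: List[Flow]) -> List[str]:
    """Produce one log-style line for every flow the policy would drop."""
    denied = []
    for f in flows:
        action, r = evaluate(policy, f)
        if action == "deny":
            why = r.comment if r else "no matching rule (default deny)"
            denied.append(f"DENY {f.src} -> {f.dst}:{f.dport}/{f.proto} ({why})")
    return denied


# Constructed sample flows: what a branch PC and the mail server might attempt.
SAMPLE_FLOWS = [
    Flow("10.10.1.25", "203.0.113.5", "tcp", 25),    # mail server sending mail: allowed
    Flow("10.20.5.77", "203.0.113.5", "tcp", 25),    # branch PC sending SMTP directly: denied
    Flow("10.20.5.77", "10.10.1.10", "tcp", 445),    # branch PC to HQ file server: allowed
    Flow("10.20.5.77", "10.10.1.5", "tcp", 389),     # branch PC LDAP to HQ DC: allowed
    Flow("10.20.5.77", "10.10.1.10", "tcp", 3389),   # branch PC RDP to file server: denied
    Flow("10.20.5.77", "10.10.2.40", "tcp", 445),    # branch PC to an unlisted HQ host: denied
]

if __name__ == "__main__":
    for line in audit(POLICY, SAMPLE_FLOWS):
        print(line)
```

Running the script prints the three flows the policy drops; the `audit` output is the same shape as the deny log you would want forwarded from the VPN firewall to head office, which is the "detected before it transfers over" part of the question.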

Author Closing Comment

Thanks for your help, and that helps.
