Neil Jordan (Guest)
Posted: Tue Jan 18, 2005 3:58 pm
Post subject: Remote access and security

I am contemplating enabling our external users the ability to use our
SBS2003 server externally for emails, file access etc, but I have to get
over the problem of security.
I will shortly have a fixed IP address set up by my ISP, connecting via ADSL
into a SpeedTouch 510 to my SBS2003 with ISA server setup (using 2 network
cards).
Can anyone offer any advice as to whether I need a separate firewall device,
or anything else to ensure - my Directors are VERY nervous about security!
Thanks
Neil

Merv Porter [SBS-MVP] (Guest)
Posted: Tue Jan 18, 2005 7:20 pm
Post subject: Re: Remote access and security

ISA is an "industrial strength" (ICSA certified) firewall and in conjunction
with your Speedtouch running NAT, this combination should provide a good
level of security from external intrusion. IMO, the bigger problem comes
from inside your LAN (malware hiding in email, etc.). Good antivirus
software both at the file server level and for Exchange, can go a long way
here. Only open those inbound ports on the router that are absolutely
necessary.
Another problem is that you probably won't have much control over the
machines at the remote users' end (virus protection updates, security
updates, etc.). If you use VPN, RDC or RWW connections where the hard
drives of the remote and local machines are allowed to be connected for
file transfer, trojans and other malware may penetrate your LAN. As long as
the remote users have access to Win XP Pro machines on the LAN, a better
approach may be to not allow VPN and only allow RWW or RDC sessions without
file transfer (there are some reg edits that will allow you to remove the
"connect disks" line item from the RWW Options menu). Since RWW and RDC
sessions are an implementation of Terminal Services, by default they only
send screen shots between computers. All processing is then done on the
local LAN computers and saved to the server for daily backup. As with most
remote connections, this most often requires a broadband connection at
both the server and the remote user.
Mail can be accessed using RWW, RWW with OWA, or a straight OWA session.
These methods, when set up properly, are secure.
Of course, bringing work in from home (on removable media such as floppies,
CDs, USB flash drives, etc.) should also be scrutinized.
It's all about productivity, risk assessment and control.
--
Merv Porter [SBS MVP]
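
An added example, not part of the original posts: a small Python audit of saved Remote Desktop (`.rdp`) connection files for the drive-mapping settings that make the "connected disks" file transfer described above possible. `redirectdrives` and `drivestoredirect` are standard `.rdp` file settings; the sample file contents and the host name `sbs.example.test` are constructed.

```python
import codecs


def decode_rdp(raw: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-edited ones are often ASCII/UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines into {name: (type, value)}; later lines win."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings


def drive_redirection_findings(raw: bytes) -> list:
    """Return one finding per setting that explicitly maps local disks into the session.

    Only explicit settings are reported; an absent setting falls back to the
    client's default, which this check does not model.
    """
    settings = parse_rdp(decode_rdp(raw))
    findings = []
    kind, value = settings.get("redirectdrives", ("i", "0"))
    if kind == "i" and value != "0":
        findings.append("redirectdrives:i:%s requests mapping of local drives" % value)
    kind, value = settings.get("drivestoredirect", ("s", ""))
    if kind == "s" and value:
        findings.append("drivestoredirect:s:%s requests mapping of: %s" % (value, value))
    return findings


# Constructed sample files (not taken from the thread).
SAMPLE_RISKY = ("screen mode id:i:2\r\nfull address:s:sbs.example.test\r\n"
                "redirectdrives:i:1\r\ndrivestoredirect:s:*\r\n").encode("utf-16")
SAMPLE_SAFE = (b"full address:s:sbs.example.test:3389\r\nredirectdrives:i:0\r\n"
               b"drivestoredirect:s:\r\nredirectprinters:i:0\r\n")

if __name__ == "__main__":
    for name, raw in (("risky.rdp", SAMPLE_RISKY), ("safe.rdp", SAMPLE_SAFE)):
        print(name, drive_redirection_findings(raw) or "no drive redirection requested")
```

A saved `.rdp` file only shows what the client asks for, so this check complements, rather than replaces, disabling drive redirection on the machines that accept the sessions.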