Security Forums

External Access required by Sales Manager

ShaolinTiger
Posted: Tue Oct 22, 2002 12:17 pm    Post subject: External Access required by Sales Manager

I've got a guy who's never in the office, the Sales manager, always in a hotel, a client's house or at home.

He needs to get access to our internal Database system and I'm fairly new to remote access for users rather than administrators so I'm not sure the best way to go about it.

We are using an IPCop Linux firewall/gateway for Internet access and this supports VPN, but from what I understand it supports VPN as in the ability to link a secure VPN tunnel between 2 IPCop machines..

Should I use VPN (never set one up before) or just port forward VNC or Terminal Services inside over SSH? I'm really not sure how to go about doing this.

Bear in mind the solution must be usable for a fairly IT illiterate end user.

Jason
Posted: Tue Oct 22, 2002 12:37 pm

I would go for the second option, and use terminal services. You can customise his desktop, and restrict his permissions, what he can access etc.

I would not use VNC, as it "shares" the desktop with anyone else at the computer, meaning if he is logged in and working, the PC will be out of use for other staff.

Go term services, but do it on a "member server" not a domain controller. Put your terminal services on a different port. If he is using a laptop, create a URL shortcut on his desktop like 192.168.0.52:4567. What does this mean? IP.Add.re.ss:Port.

On the security side, lock down the member server.

Not on the domain controller because:
1) Security
2) Performance

Out of interest, which database software are you using?

Obviously, this needs to be installed on the "member server". I am assuming your internal network is a W2k AD Domain.

In my experience, VPNs are nothing but a pain in the arse.

What's everyone else's view?

J.

ShaolinTiger
Posted: Tue Oct 22, 2002 2:37 pm

Yeh I was thinking TS would be best, easier to control.

A member server?

I only have 1 server. Can I make my Win2k Pro box into a TS server?

We are using MSSQL with a bespoke VB front end..

Currently re-developing it in Delphi/Kylix for cross platform compatibility.

Jason
Posted: Tue Oct 22, 2002 3:18 pm

Definition: A member server in an MS Active Directory domain is a server that is not a domain controller, yet offers file / print sharing / other services.

I made a 2k Pro machine into a TS server; when I get home I will post details. I know you need to install an extra thing off a CD, I've forgotten what it is.

J

chris
Posted: Tue Oct 22, 2002 6:29 pm

Would be interested in TS for 2k desktop, I thought it was only available as the two separate modes as part of 2k server.

ta

Mathis
Posted: Tue Oct 22, 2002 7:40 pm

Personally I would VPN into the network and then either run a TS server or the actual programs, whichever uses less bandwidth.
You could try to create a web front end to access the DB but I don't know much about this and I would still go through the VPN for encryption and security reasons.
I've had some good results running apps like Outlook over VPN but in most cases it's better to go with the beast you know.

I don't know any way of TS into a Win2000 Pro box without taking up the whole desktop, so if anyone knows I would be very interested.

thanks

ShaolinTiger
Posted: Wed Oct 23, 2002 12:40 pm

Any more info on this?

The only way I've found to install TS on a Win2k Pro box is using NTSwitch to fool the box into thinking it's a 2k server then copying the components across...

I don't have the resources to enable usage of TS on the main server either, it's almost dying as it is..

Any other ideas?

Jason
Posted: Wed Oct 23, 2002 1:58 pm

Sorry peeps, didn't have any time last night to sort it out.

The pub was calling me.

Will post info tonight.

J


====================================

My bad.

It was the TS Client I installed, not the server thing.

Sorry.

J

All times are GMT + 2 Hours