External Access required by Sales Manager

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Oct 22, 2002 12:17 pm    Post subject: External Access required by Sales Manager
    ----
I've got a guy who's never in the office, the Sales manager, always in a Hotel, Clients house or at home..

He needs to get access to our internal Database system and I'm fairly new to remote access for users rather than administrators so I'm not sure the best way to go about it.

We are using an IPCop Linux firewall/gateway for Internet access and this supports VPN, but from what I understand it supports VPN as in the ability to link a secure VPN tunnel between 2 IPCop machines..

Should I use VPN (never set one up before) or just port forward VNC or Terminal Services inside over SSH, I'm really not sure how to go about doing this.

Bear in mind the solution must be usable for a fairly IT illiterate end user.

Author: Jason    Posted: Tue Oct 22, 2002 12:37 pm    Post subject:
    ----
I would go for the second option, and use terminal services. You can customise his desktop, and restrict his permissions, what he can access etc.

I would not use VNC, as it "shares" the desktop with anyone else at the computer, meaning if he is logged in and working, the PC will be out of use for other staff.

Go term services, but do it on a "member server" not a domain controller. Put your terminal services on a different port. If he is using a laptop, create a URL shortcut on his desktop like 192.168.0.52:4567. What this means: IP.Add.re.ss:Port.

On the security side, lock down the member server.

Not on the domain controller because:
1) Security
2) Performance

Out of interest, which database software are you using?

Obviously, this needs to be installed on the "member server". I am assuming your internal network is a W2k AD Domain.

In my experience, VPNs are nothing but a pain in the arse.

What's everyone else's view?

J.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Oct 22, 2002 2:37 pm    Post subject:
    ----
Yeh I was thinking TS would be best, easier to control.

A member server?

I only have 1 server.. Can I make my Win2k Pro box into a TS server?

We are using MSSQL with a bespoke VB front end..

Currently re-developing it in Delphi/Kylix for cross platform compatibility.

Author: Jason    Posted: Tue Oct 22, 2002 3:18 pm    Post subject:
    ----
Definition: A member server in an MS Active Directory domain is a server that is not a domain controller, yet offers file / print sharing / other services.

I made a 2k Pro machine into a TS server, when I get home I will post details. I know you need to install an extra thing off a CD, I've forgotten what it is.

J

Author: chris    Location: ~/security-forums    Posted: Tue Oct 22, 2002 6:29 pm    Post subject:
    ----
Would be interested in TS for 2k desktop, I thought it was only available as the two separate modes as part of 2k server.

ta

Author: Mathis    Location: North West    Posted: Tue Oct 22, 2002 7:40 pm    Post subject:
    ----
Personally I would VPN into the network and then either run a TS server or the actual programs, whichever uses less bandwidth.
You could try to create a web front end to access the DB but I don't know much about this and I would still go through the VPN for encryption and security reasons.
I've had some good results running apps like Outlook over VPN but in most cases it's better to go with the beast you know

I don't know any way of TS into a Win2000 Pro box without taking up the whole desktop, so if anyone knows I would be very interested

thanks

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Wed Oct 23, 2002 12:40 pm    Post subject:
    ----
Any more info on this?

The only way I've found to install TS on a Win2k Pro box is using NTSwitch to fool the box into thinking it's a 2k server then copying the components across...

I don't have the resources to enable usage of TS on the main server either, it's almost dying as it is..

Any other ideas?

Author: Jason    Posted: Wed Oct 23, 2002 1:58 pm    Post subject:
    ----
Sorry peeps, didn't have any time last night to sort it out.

The pub was calling me.

Will post info 2nite.

J


====================================

My bad.

It was the TS Client I installed, not the server thing.

Sorry.

J



output generated using printer-friendly topic mod, All times are GMT + 2 Hours
