RE: Allowing secure external access.

[Tim Donahue <TDonahue () haynesconstruction com>]

If it is more than one person that needs remote access, you might look into
setting up a Citrix server.  Citrix is capable of using SSL encryption.  

If it is only one person you could use VNC over a SSH connection, or even a
SSH tunnel to a Win XP box's remote desktop.

Tim Donahue

> -----Original Message-----
> From: Shaolin Tiger [mailto:shaolin () shaolin-tiger com] 
> Sent: Monday, October 28, 2002 2:27 PM
> To: security-basics () securityfocus com
> Subject: Allowing secure external access.
>
>
> Hi all,
>
> Just a quick query really..I'm pretty new to allowing people 
> to come in from outside, I usually spend most of my time 
> trying to stop them ;)
>
> I need to allow access to our internal database and 
> application to the sales manager who spends all his time outside..
>
> I have an IPCop firewall which I believe has some VPN 
> support, but only supports end to end connections, like 1 
> IPCop box to another, as far as I can understand from reading 
> the docs.
>
> I know in 2k and XP you can choose VPN when creating a new 
> connection in network settings and enter a server IP but I 
> don't think this would work with the IPCop machine.
>
> The sales guy will be using an XP laptop.
>
> The other option I thought of is having a dedicated machine 
> inside using VNC or something and a port forward, but I don't 
> think this is very secure.
>
> We do have terminal services on our PDC but it is allready 
> overloaded and I wouldn't wish to put this extra burden on 
> it...it may just give up.
>
> What other options do I have? Preferably free, or cheap and 
> secure to put my mind at rest opening up a hole in the firewall.
>
> Any suggestions appreciated.
>
> Shaolin
>
> .: http://www.security-forums.com :.
>
>          Share your knowledge
>           It's a way to achieve
>                 Immortality.