Security Basics mailing list archives

Re: remote desktop question


From: Brian Loe <knobdy () gmail com>
Date: Wed, 2 Nov 2005 16:31:41 -0600

Same rules apply. If you are giving them any kind of VPN access you're
hooking them into your network; for that reason you should make sure
they're running some kind of firewall - and I have much more faith in
an appliance-based firewall than, for instance, Windows (host) based.
If you require them to get a router for their home network, odds are
good it has VPN functionality (I like Linksys for the most part).

For traveling, and they're using laptops, you can use either Windows'
client or a client that comes with your endpoint. For your endpoint I
would again recommend a device as opposed to, for instance, RAS (which
would require you to either open ports in your firewall or place the
box directly on the Internet). If you use a Cisco device (PIX or 3000
or other) they have a decent client for Mac and Windows, and one that
"works" for Linux.

On 11/2/05, jordanpw <jordanpw () gmail com> wrote:
Thanks.  Thinking more in terms of allowing users from multiple
locations - home / home office etc ...

Brian Loe wrote:

If connecting two sites then you would use the router/firewall at each
site to create the tunnel. Your performance hit will vary depending on
your connection speed and what you're doing via terminal services -
but for the most part my experience has been very good.

SSL VPN is a very easy way to go but I've recently begun to question its
security. If someone can perform a MITM attack on an SSL session, why
not an SSL VPN session? I don't know...just wondering.




I see this advice often on this list.  I work with very small businesses
(200 users and below) where number of servers / firewalls / routers, and
budgets for same, are very small.  So I have some (very basic I'm
afraid) questions on this subject:
-- Is there not a slowness / performance hit when forcing users to
access a Terminal Server via a VPN connection?
-- This will require VPN client software on all client machines right?
Or is the in-built MS VPN connection stuff considered acceptably secure
in this scenario?
-- Or should we look at SSL VPN for this?

Thanks in advance for any feedback ...








