RE: Secure WAN Setup (Possibly off topic?)

["Duston Sickler" <dustons () abswebb net>]

Hello,

Using a  broadband Internet connection at the remote site will probably
save you thousands of dollars over the years.  Especial if the lease
line would cross a latus.  Some companies I consult for have a similar
arrangement and the "IT Guy" is employed by the parent company and
sub-contracted to the offspring.

Good luck!
=====
Duston Sickler
"There are only 10 types of people in the world, those who understand
binary, and those who don't."

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: Thursday, March 06, 2003 12:31 PM
To: oclug () oclug org; security-basics () securityfocus com;
windows2000 () freelists org
Subject: Secure WAN Setup (Possibly off topic?)


Our company is considering splitting off one of the divisions into a 
seperate entity at another location.  My boss has asked that I provide
him 
with a WAN proposal with recommendations, costs, etc.  I know the
theory, 
but I haven't implemented anything like that before.  I'd like to
solicit 
comments on how to set this up in a secure, effective manner.  Does
anyone 
have any advice, warnings, comments, thoughts, etc.?

To help define the scope of this question here are a few facts:

The main company will be about 40-45 employees at one location, this is 
where most of the hardware will reside.
The secondary company will be between 15-30 min away and employ about
five 
people.
The secondary company will have a much more strict security setup than
the 
main organization due to the nature of their work.
The budget for this setup is probably less than $5000 though thats still
a 
grey area.
I need to decide if both organizations should continue sharing a main 
database, or if the second organization should purchase their own. I
also need to decide if I should stay working for the main company and
have 
them hire me out to the subordinate organization, or recommend that I
become 
a contractor who works for both.
Leased line or Internet VPN?


My initial plan is to set up a server on site at the 2nd location, and
use 
that for necessary servcies like dhcp, logon, etc.  Then create a vpn
tunnel 
through their T1 line to the main location where the file servers,
email, 
database, etc. will reside.  The solution will probably involve a mix of

Linux and win2k.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Linux and I have a love/hate relationship.  I hate its complexity until
I 
figure out how something works, then I love its power."

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus