How does VPN work?

bogus

May 27, 2004
Archived from groups: comp.dcom.vpn

Hi,

My boss needs to access the network resources from his home. Mainly the
files on the system. Can you explain to me from a user perspective how it
works?

- When the user connects to the network what does he see? and how would he
be able to use a mapped drive?

- My next question is do I have to be running terminal server? I am thinking
of the Symantec SGS 320 or SGS 360R which allow client to gateway. Our
current device supports gateway to gateway, so we will probably put it at
his home and put the new one in the office.

Thank you.
Please post only
W
 
Guest

In your case, in general terms, a VPN extends the local network to a
remote location. Your boss's PC will think it's at the office. To gain
access to network resources he will need to log into the network just
like he does now and will have all the same access he has when in the
office.



"@@bogus" wrote:
> Hi,
>
> My boss needs to access the network resources from his home. Mainly the
> files on the system. Can you explain to me from a user perspective how it
> works?
>
> - When the user connects to the network what does he see? and how would he
> be able to use a mapped drive?
>
> - My next question is do I have to be running terminal server? I am thinking
> of the Symantec SGS 320 or SGS 360R which allow client to gateway. Our
> current device supports gateway to gateway, so we will probably put it at
> his home and put the new one in the office.
>
> Thank you.
> Please post only
> W
>
>
>
 
Guest

"@@bogus" wrote:

> My boss needs to access the network resources from his home. Mainly the
> files on the system. Can you explain to me from a user perspective how it
> works?

> - When the user connects to the network what does he see? and how would he
> be able to use a mapped drive?

The answer depends on how your system/network is connected to the
Internet. More below...

> - My next question is do I have to be running terminal server?

Not necessarily. Again, more below...

> I am thinking
> of the Symantec SGS 320 or SGS 360R which allow client to gateway. Our
> current device supports gateway to gateway, so we will probably put it at
> his home and put the new one in the office.

I don't know those products; from the subject: line of your posting I
assume that they are VPN appliances.

Essentially, a VPN ("Virtual Private Network") provides a secure bridge
between two trusted nodes across an untrusted path, using encryption
to ensure the security and integrity of the data while it is passing
through the untrusted segments. A frequently-used comparison is to the
US Mail: you seal a message in an envelope in your (trusted) home; send
it through the (untrusted) Post Office, who delivers it to the (trusted)
home of Aunt Emma, who opens the envelope.

With a VPN, the client machine is typically opening a path directly to
the *network* of an organization, and has most of the "rights and
privileges" of computers that have a direct physical connection to
the company's network. In many cases, the remote user with a VPN
connection can do everything that a local user can do, and unless
you would use it from a machine at the office there's probably no
need to use the MS Terminal Services feature from home.

One critical issue for your boss is where the VPN client resides. If
it's an external box that sits between his home network (or standalone
computer) and the Internet, then the above is probably correct. If
the client is a software package installed directly on his system,
he may be able to connect to the network, but might *not* be logged
into your network operating system and thus would not automatically
have access to its resources. This isn't an insurmountable problem
but can take a long time to explain.

And even if you're comfortable with the *functional* issues, *PLEASE*
have someone competent in network security go over your implementation.
It's far, far too easy for a network change -- especially one which
provides a path that bypasses your firewall -- to inadvertently open
a catastrophic security hole that lets the nasty people into your
network. And don't forget the need to have firewall logs and a
decent IDS ("Intrusion Detection System") -- and have someone who
is qualified to, and does, routinely review the firewall and IDS logs
for suspicious activity.

Joe Morris
 

bogus

May 27, 2004

Hi Morris
Thanks for your post. It really gave me a better understanding.

> I don't know those products; from the subject: line of your posting I
> assume that they are VPN appliances.

Yes, they are VPN appliances.