Virtual Private Networks

Networking/Security Forums -> Windows

Author: Jackson David    Posted: Wed May 07, 2008 8:36 am    Post subject: Virtual Private Networks
    ----
As per the requirements in the organization we work, we need to allow a private virtual network of all to access the files or web services within their PCs. I browsed the internet to acquire the knowledge on the same but was unable to achieve productive results.

Please suggest some software that has the ability to share over two standard protocol units. We require the easiest way to protect our company’s data. We need security at times of incidents like rootkit attacks and zero-day vulnerabilities.

Any help in this regard would be highly appreciated.

Thanks,
J.David

Author: rchoetzlein    Posted: Wed May 07, 2008 2:24 pm    Post subject: 2nd hand info
    ----
I'm not a security person, but some network guys I know who run a large network recommend Cisco's Easy VPN Server and Client. I've used the client, and it's very simple and friendly. They deal with lots of attacks, and their strategy is basically to "close down all ports not in use", including switching common ports for services to non-typical #s, along with really good passwords. All servers are behind their firewall, and they only grant remote access to users via the VPN.

Author: graycat    Location: London, UK    Posted: Wed May 07, 2008 3:12 pm    Post subject:
    ----
Choosing the best method really depends on what kit you've got in place already and your budget as most VPN technology is pretty much along the same lines.

If you've got a "good" external firewall then you should be able to set up PPTP or L2TP VPN tunnels directly to that from the clients. Some firewalls even come with their own software clients that you install on the client PC. Otherwise most OSes will allow you to create VPNs natively.

Personally we run a mixture of software-controlled VPN clients as well as Windows-created PPTP VPNs to different office(s).

Will these protect from rootkits and 0-day vulnerabilities? Not really, no. However if you back them up with a solid set of security practices covering things from smallest surface area, least privileges, port and packet filtering to anti-virus and sign agreements / acceptable use documents

Author: Mckenna Melissa    Posted: Thu May 08, 2008 8:40 am    Post subject: Virtual Private Networks
    ----
The question is somewhat unclear.

If you need VPN-access there's always the built in functionality of RRAS in Windows Server 2008 and a lot of 3rd party products.

If you need to secure your clients you could always use BitLocker if you run Windows Vista; combined with a server/domain isolation with a NAP solution, you could ensure that only approved clients can connect to your servers. Protection against viruses and malware could be provided by any 3rd-party product or Windows Defender / Forefront Client Security.

Author: Jayden Kissko    Posted: Fri May 09, 2008 1:26 pm    Post subject: Virtual Private Networks
    ----
I think the problem is something like a Virtual PC?
Have you heard about the technology called Desktop Virtualization? A number of software vendors are rolling out desktop-virtualization offerings. They simply manage the entire lifecycle of virtual desktops, making it easy to create, update, and control the virtual desktop. You can look forward depending upon the requirements at your organization.

Author: ChadAmberg    Location: Colorado Springs    Posted: Fri May 09, 2008 4:07 pm    Post subject:
    ----
I've helped set up a few networks like this. Several servers running as many virtual PCs as they can handle accessible via RDP, and then typically an SSH server running as the gateway while using WiSSH (http://wissh.com) as the client product. Using WiSSH it can run on a USB stick and there are never any OS level changes like you get with VPN.

Author: ThePsyko    Location: California    Posted: Fri May 09, 2008 8:40 pm    Post subject:
    ----
Just to give you a completely different direction to go in, at my last company we used a third party VPN provider - Positive Networks - to handle our VPNs. I liked them for several reasons. For starters, they handle all first line support issues from your users. That right there was worth the cost for me :) They also handle all the tunnel connectivity. They set up the tunnel to your firewall and monitor the connections 24/7. (The users actually connect to PN's server via SSL connection, and are then funneled over to your network.) Oftentimes they would tell me about a problem before my users even noticed. But the best part was they have a HUGE variety of configuration options available that could be set at the enterprise level, group level, and user level. Some of those options included requiring up to date AV/Spyware software and firewall protection. You could even keep your users from connecting if they don't have all of the Windows critical updates installed.

Although they didn't provide root-kit scanning, they seem to have just about everything else you're looking for.

(and no, I don't work for them lol)

Author: Mckenna Melissa    Posted: Tue May 13, 2008 8:33 am    Post subject: Virtual Private Networks
    ----
I have heard about the technology called “Predictive Fetching” that helps virtual computers start faster and update quickly. This technology is even cost effective and tunes faster with existing configurations, which means you’ll be able to decrease user downtime and increase user satisfaction.

Author: Jackson David    Posted: Fri May 16, 2008 7:35 am    Post subject: Virtual Private Networks
    ----
I have received so many replies through mail too but none of them helped out fully.

The security that we need against the incidents is the big issue to consider. Could this be solved too?

Author: PhiBer    Location: Your MBR    Posted: Fri May 16, 2008 5:41 pm    Post subject:
    ----
You have two issues here: you need a VPN connection to allow access into your internal LAN and you need a solution that will help you prevent against rootkit attacks and zero-day vulnerabilities.

My suggestion is that you separate these two issues as they are two distinct problems. Rootkit detection/prevention is a whole other ballgame. Zero-day exploit prevention will require adequate defense-in-depth strategies.

NAP/NAC can help make sure machines are up to date and patched before connecting to your VPN but unfortunately, targeted rootkit attacks will go under the radar with most AV implementations. What you need to understand is "risk management." How much risk are you willing to take?

Author: Jayden Kissko    Posted: Thu May 22, 2008 1:44 pm    Post subject:
    ----
There are many different vendors who offer VPN solutions and each is different in its implementation but the technology used remains the same. They eliminate the time-consuming and security-threatening hassles of IT management, thereby increasing user productivity and flexibility.
The process is normally quite simple:

1. Each user has a key/tag, this provides authentication.

2. They will have some kind of VPN software to connect to the concentrator.

3. And the VPN concentrator confirms the authentication and acts as the gateway for your VPN connection once authenticated.

Author: augmedia    Posted: Tue May 27, 2008 5:27 pm    Post subject:
    ----
I haven't read all of this post... but try Hamachi. It's quick, easy and small.

Author: Jayden Kissko    Posted: Fri Jun 27, 2008 10:48 am    Post subject:
    ----
I use vmware with virtualcenter it is great; we have over 150 virtual desktops. There are others but it depends on the platform you are using.

Author: bradcamry    Posted: Wed May 18, 2011 5:53 am    Post subject:
    ----
A VPN is a private network that uses a public network to connect remote sites or users together. I do not know about any software but I will find it.




All times are GMT + 2 Hours
