Is a VPN the right choice for me?

By RAGEDBULL ·
I have been asked to completely redevelop an organization's computer infrastructure. They are set up in two small offices, in two separate towns. I have heard that a VPN is the right way to go; however, I am not familiar with the technology because I usually set up end-user home networks. I need a lot of help in this area. I can go in any direction with this project, costs at a minimum. All I am starting with is that all computers in the network will be running Windows 2kpro. My first question: Does this situation require a VPN? My second question: If it does require a VPN, what software-wise do I need to do, and what external hardware should I purchase to set this up (I also want each office, of no more than 20 users, to be connecting to the internet via a cable or DSL connection)?

42 total posts (Page 2 of 5)

Good point

by Oz_Media In reply to Pre-Shared Key's and why ...

You're right but if this is a really small enterprise, I would think the risk of premeditated or targeted attacks is lower and usually workstation or server backups suffice to restore trojan damaged data.

I do however usually use PKI written in Python on a 386 or PII sometimes. I know basic Python module scripting but a good friend runs a PKI scripting firm that deals in bank security so I luck out with saving the big bucks.

On a side note, isn't that the cool part? When you've made enough industry friends that everything is gratis and what comes around goes around? I see PC's and servers changing hands and being passed on like baby clothes. Routers and switches are as easy as a phone call or email away and even places like TR where anything you need to know is at the tip of your fingers.

You guys rule ! ya ya heh heh

you'd be surprised

by LordInfidel In reply to Good point

Because of my position I'm often hired to do penetration testing.

I was at my wife's office and noticed her logging in without a password. <Which I then proceeded to have a heart attack>. I then went and connected to a port on the net that I should never have been able to get to.

I talked to the senior partners and told them that because my wife likes them, blah blah blah, I would do the analysis for free.

Needless to say I owned their network in about 3 days. And found some others had set up shop.

The thing with crackers and script-kiddies, and even the stealthy hacker: it's not always about the data. They will use an owned network as a sploit repository or trade the machines for better sploits.

Here is a suggestion

by cpuboy456 In reply to Is a VPN the right choice ...

I have recently completed a 5-site VPN with almost your exact situation. I was also almost where you are with knowledge concerning implementing the right solution to the client's needs and wants - two different things. I would be willing to help you with suggestions. If you would like, you can email me at jfrench@surferie.net

I think so ...

by dwdino In reply to Is a VPN the right choice ...

Unless you can get unbelievable rates on leased lines a VPN is your next alternative.

Assuming broadband connections (SDSL 256Mb+), I would recommend Astaro. I currently have this setup running flawlessly.

With Astaro, you supply the hardware. I have a Dell GX1 400 with 128MB ram and 3GB hard drive. I currently have 3 NICs in each system for the different zones I have setup.

Back to your scenario ... Astaro is a full-function firewall, filter, IDS, router all in one hardened Linux distribution. It is managed/configured through an elaborate web interface. You can download it for free with a 30-day trial, and apply for a free license (reduced feature set) that will allow you to become familiar with it.

In your situation I would set both networks to route all internetwork traffic across the VPN and then allow 'Web' traffic to pass across DSL/other.

The other great benefit of this solution over Linksys is logging. Astaro can tell you everything that is coming, going, dropped, passed, whatever.

Here are the links:

www.astaro.com (main site)
www.astaro.org (support)
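
The split described in the post above (inter-office traffic over the VPN, web traffic straight out the DSL/cable link) as an added example; it is not part of the original post and not Astaro configuration. The subnets, site names and the `check_plan`/`next_hop` helpers are hypothetical, and dropping unassigned private destinations is an added assumption.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
SITES = {
    "office_a": ipaddress.ip_network("192.168.10.0/24"),
    "office_b": ipaddress.ip_network("192.168.20.0/24"),
}


def check_plan(sites):
    """Return pairs of sites whose LAN ranges overlap.

    With overlapping ranges a host treats the remote address as local
    and never hands the packet to the VPN gateway, so the tunnel comes
    up but nothing on the far side is reachable.
    """
    names = sorted(sites)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]


def next_hop(local_site, dst, sites=SITES):
    """Classify a destination: 'lan', 'vpn:<site>', 'drop' or 'internet'."""
    addr = ipaddress.ip_address(dst)
    if addr in sites[local_site]:
        return "lan"
    for name, net in sites.items():
        if name != local_site and addr in net:
            return "vpn:" + name
    # Private ranges not assigned to any site should not leak to the ISP
    # in the clear (assumed policy for this example).
    if addr.is_private:
        return "drop"
    return "internet"


if __name__ == "__main__":
    print("overlaps:", check_plan(SITES))
    for dst in ("192.168.10.5", "192.168.20.15", "10.1.2.3", "8.8.8.8"):
        print(dst, "->", next_hop("office_a", dst))
```

Two consumer routers left on the same factory-default LAN range is the case `check_plan` catches; renumber one office before building the tunnel.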

Me Again

by RAGEDBULL In reply to I think so ...

I'm going to be perfectly honest, and explain my case completely. I am truly a novice in this area, with no degrees. I understand computers very well, and have set up numerous home networks and such, which are cake for me. I have never set up a "real network" before, nor do I really know how to set up the full Server client relationships.

I will now proceed to explain, the best that I can, what I want to try to do.

First off, situation. This is not medical, this is a charity organization which has 2 offices in different towns, but close to each other. Inside each of the offices are 6 computers which are currently running various operating systems. They are not doing anything hardcore on these computers, mostly secretarial stuff like Word and Excel; maybe Peachtree Accounting is the most complicated software.

Here is what I want to do:
First I want to load win2kpro on all the users' machines. A cable modem is being purchased for each office from Comcast Cable. I want to first and foremost connect all the computers to the internet, which is what they care about the most. Secondly, I want them to be able to share data and resources. Within each office, I want to set up printer sharing for 2 laser printers for all users in each office LAN. I think it would be beneficial to have some way of file sharing between the two offices.

Now here are my questions:
Printer & File Sharing: Should I get a print server for the router in each office, or can I get a computer that works as some form of a gateway where the 2 printers can be connected to it and I can also allow this to be a general storage facility by adding a hard drive? If the gateway option is the correct one, then what kinda specs should I get, and should this have win2kpro or server (also, if I install win2k server can I set it up for any user to log on anywhere and access his information stored on the gateway)? This then leads me to ask if I need to set up a VPN so the two offices are sharing all the data, which might not even be necessary.

I think right now I have summed everything up a little better. Any help would be appreciated.

Well

by Oz_Media In reply to Me Again

With your simplistic needs I would still recommend the Linksys route, it is CHEAP. Not THE most secure system around but you get basic firewall, Port Address Translation and they also double as a print server. However, with 6 connections PER office I would recommend adding a second router at each to act as a print server.

This is basic, easy as **** and cheap too. I know several similar small home businesses and agencies that use it and it is doing exactly what they need.

Now if you want to get all security conscious and worried about attacks etc. and basically turn yourself into a security expert, I would recommend going with file servers at each end, running a reliable and stable network operating system such as Novell or Linux can offer. MS is nothing but **** waiting to happen when it comes to server security and reliability.
You would then need 3-Com or Cisco routers at each end along with (in the case of Novell) Border Manager VPN software to secure it and provide the proper encryption.

All in all you're looking at a ballpark of $25,000 Canadian to add the server hardware, routers and software. Now add many hours getting it all installed and cabled; setup is pretty easy. You will also be needed onsite or remotely for the next six to eight months to ensure everything is running as they want it and be able to reconfigure clients and services. After that time, you can ask to be held on a biweekly visit basis to check up but all should run OK unattended.

Or drop less than $250, buy two routers with a print server and be done with it.

You can get as technical as people would like you to or you could just keep it simple.

The choice is yours.

Getting warmer ...

by dwdino In reply to Me Again

This information helps quite a bit. One thing you learn in consulting is to figure out and define exactly what the user will be doing and what the user wants. After this is defined you place the systems under them to support these needs.

So we have defined the following:

1) Shared accounting system (Peachtree)
2) High desire on internet connectivity
3) Print sharing
4) Possible file sharing

So we need:

1) Unified network (VPN) allowing all persons to use accounting system and printers
2) Low cost due to company type
3) System for file/print management

A few more questions though:

1) Are the laser printers network capable or must they be connected to a computer
2) What will be stored on file server?
a) Backup
b) Redundancy
c) Time To Repair
3) Does this group qualify as Not For Profit? If so, leverage this in any purchases as most vendors will give discounts for such.

Being that this is a charity organization, one of your top priorities is cost. As OZ has mentioned, the Linksys solution is not bad. What you choose to implement must be stable, reliable, and have a low ongoing cost.

Microsoft desktops (windows 2000) are good because most people are familiar with the interface. The other side of that coin, is the security model. In a peer-to-peer network each W2K computer holds its own security records. This will force you to add every user (name & password) to each machine which they will contact.

Please understand that this project could easily tie you up for an extended stay. :)

Good point

by Oz_Media In reply to Getting warmer ...

"Microsoft desktops (windows 2000) are good because most people are familiar with the interface. The other side of that coin, is the security model. In a peer-to-peer network each W2K computer holds its own security records. This will force you to add every user (name & password) to each machine which they will contact."

Another way is to image drives if using new PC's or even upgrading all. Just build a couple of different images based on file access rights if needed. You can even build ONE at home, create an image and have everything preformatted by the time you are onsite.

Without backing up I don't know what network OS you are thinking of, especially if you're going to ADD a new file server. If one of the PC's is the file server, no need to worry. A simple peer to peer VPN, just like at home will do. Let the routers use the built in Port Address Translation and the built in encryption keys IF needed. I've done the EXACT same system utilizing a customized third party Real World Accounting package that is Unix based. It works fine, they have never had problems and it was fire and forget. Customer happy, cheap solution and I'm outta there.

USER Management

by RAGEDBULL In reply to Good point

This summer I worked in an office where they used win2kpro on each desktop, and they had a server which had storage space. You could log on as any user anywhere. I was pretty sure there was a way to manage users on the network without installing each user on every computer. I can't set up some kind of client-server relationship, where one PC is the server for each office or both offices, and login is administered from this computer? Can't I install win2k Server on a PC and have this function as the server for users, also use this PC for storage, and connect all the printers to this computer? I was thinking I would use a method similar to this to manage all sharing and users anywhere on the network. Does this work?

Yes you can BUT

by HAL 9000 Moderator In reply to USER Management

You'll need to use a GIGABIT Network instead of the 10/100 T Base and SCSI Drives in the File Server just for the speed.

But it will cost a lot more to do it this way. Also, a dual-processor M'Board probably would not go astray either, as a server that has a lot of work to do needs as much help as possible.

If you like you can contact me through the "Peer Listings" as I perform this type of work every day. Let me know exactly what is required, what your budget is and such like, and I'll offer as much help as possible given the fact that I'm half a world away.

There is however another alternative, and that is just don't walk into this area, as it is a real nightmare for the unwary; business systems are completely different to home systems. I've seen supposed professionals set up a simple peer-to-peer network that is connected to the Internet through a hub that is connected to a cable modem, and the only way to share a file was to e-mail it to the other party. While that system still remains that way mostly, I did set up the network connections and install all the network cable plates, which when I arrived were not there (there were only RJ45 connectors hanging on wires out of the walls), but the company baulked at any more money being spent on security, so other than some very simple AV products on every unit there is no security involved within that company.

Col
