General discussion


Remote Access

By jgray ·

I am the Net Admin of a small WAN with 60 users spread over 3 locations. It is a windows 2000 AD domain. The main office in Dublin is conected via VPN to the other two office's in Cork and Galway (Ireland)
At present there is no dial up or remote access facility.
I know I could install a vpn client on the client systems and configure the broadband router to accept conections over the internet, But this does not seem very secure to me.

Has anyone any better ideas as to how to go about this, would installing terminal server with a dial up modem be a better option.

Thanks in advance


At present

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by johnnywatt In reply to Remote Access

This isn't a technical answer but more of my opinion. Which is what you are really asking for, anyway.
Using your current setup, I would use VPN for your remote users. Use an Ipsec/l2tp solution and this will be your most secure method. In fact, to get technical, it's transfered more secure than a standard POTS line, which carries no authentication or tunneling over your phone line. Who really cares because it's only 56k and a temporary connection? But, you already use VPN, so why are we questioning security for remote users? Terminal Services isn't the right method for remote users unless they are running an application that cannot run on WAN links (like Access or file-based dB applications) or slow connections like 56k lines.

My Answer: Configure your office to accept remote users using an IPSEC and L2TP solution.

Collapse -

by curlergirl In reply to Remote Access

Basically, any type of remote access is only as secure as the security of your user's logon IDs and passwords. Although dial-up remote access may be more secure than broadband, it is still totally insecure if someone gets hold of your dial-up phone number and a user ID and password. Also, it is much too slow for most users and certainly for any type of connection between offices where users have to actually work over the connection rather than just downloading a few files to work on locally.

The optimal type of connection, speedwise, for this situation would be a terminal server. And even though this would be much speedier over a dial-up than a traditional RAS dial-up connection, it is still pretty slow, especially compared to the speed of today's computers that most people are accustomed to.

VPN was really designed for use over a broadband connection, because it uses PPTP and/or IPSEC tunnelling protocol for security. This means that the data that is transmitted over the VPN connection is protected. IPSEC is more secure than PPTP, but a lot of older OS's don't play well or at all with IPSEC.

What I would say would be the best possible solution would be a terminal server over a broadband VPN connection - best combination of speed and a reasonable level of security.

Hope this helps!

Collapse -

by sgt_shultz In reply to Remote Access

why do you feel vpn client is insecure? i would go with the vpn access...

Collapse -

by ozi Eagle In reply to Remote Access


You could consider pcAnywhere. It has several connection modes (dial up, network, dsl, direct). It can be daisy chained, ie dial into one computer then use that computer to connect to another computer, via another remote / host link. Useful for networked computers.

I use it for remote maintenance of clients systems because it is simple to install and setup, is secure when using dial up mode and also the client pays long distance charges because I set it up to ring me back after requesting a session. This ring back feature, I believe, also provides greater security, because if some hacker manages to get into the system it will hang up after the handshake and ring a predetermined number, yours not the hackers.
I buy pcAnywhere for about Australian$60 for one OEM host and remote. Different packages with multiple host licences are also available.

Collapse -

by bbahar In reply to Remote Access

First of all, VPN IS secure, you can be sure for that.
I have a very bad performance experience to access TS with dial up modem. Had you tried access Terminal Server through Internet ?

My suggestions :
(1) I presume the other offices has some kind of connection to Internet. Try to get permenant IP from your ISP for them.
(2) Allow access to your network at your router only for these IPs.
(3) Depend on your policy, you can give them access to company's data as they're in your LAN.

Good Luck !

Related Discussions

Related Forums