hi guys,
i am hoping you can help me out with your opinions.
so i recently started to help maintain a network for this very small business. it's very basic. 1 DC/server & 3 workstations. they are all hooked up to a 3Com Baseline Switch 2126-G. due to the way it was set up, not by me, the boss + 1 other employee (of the only 3 employees there are) remote desktop into the server directly from outside the lan sometimes. as no vpn was set up for them to securely get into the network, i was thinking of setting up something basic on a headless workstation. i've really enjoyed using Adito as an ssl vpn to rdp over, ever since i heard of it in season 6. the comcast business modem has a built-in firewall that we use. for the meantime, i had at least changed the default rdp port to something more obscure. as we all know, that's a no-no to leave any port open directly to a server in a network for a business, despite it not passing any login info in cleartext over the connection in windows server 2008's rdp.
so my question is: i want to implement a small adito vpn server. i can easily set it up, but will this be better than what is currently set up...?
(layout below)
isp ---> modem(built-in firewall) ---> switch ---> workstations + vpn server.
if i were to leave the only 1 open port to the network pointing to the vpn/adito server, that would still be better than the way it's currently set up, right? let me know if i need to make myself a bit more clear.
thanks!