
Basic VPN Setup/Layout Question



hi guys,

i am hoping you can help me out with your opinions.

so i recently started to help maintain a network for this very small business. it's very basic. 1 DC/server & 3 workstations. they are all hooked up to a 3Com Baseline Switch 2126-G. due to the way it was set up, not by me, the boss + 1 other employee (of the only 3 employees there are) remote desktop into the server directly from outside the lan sometimes. as no vpn was set up for them to securely get into the network, i was thinking of setting up something basic on a headless workstation. i've really enjoyed using Adito as an ssl vpn to rdp over, ever since i heard of it in season 6. the comcast business modem has a built-in firewall that we use. for the meantime, i had at least changed the default rdp port to something more obscure. as we all know, that's a no-no to leave any port open directly to a server in a network for a business, despite it not passing any login info in cleartext over the connection in windows server 2008's rdp.

so my question is: i want to implement a small adito vpn server. i can easily set it up, but will this be better than what is currently set up...?

(layout below)

isp ---> modem(built-in firewall) ---> switch ---> workstations + vpn server.

if i were to leave the only 1 open port to the network pointing to the vpn/adito server, that would still be better than the way it's currently set up, right? let me know if i need to make myself a bit more clear



despite it not passing any login info in cleartext over the connection in windows server 2008's rdp.

The easiest, most flexible solution would probably be to use an SSH server; a 'traditional' VPN would require virtual network adapters and similar, and, tbh, there is no need to go to that hassle unless there is a good reason for the computer to virtually be on the network.


thanks for your reply, sparda. well, i was going to set up the adito on a linux box of course. i guess i'm confused on your ssh server comment. how would the ssh server, despite for my personal use, be beneficial to the end user in this case? i guess another reason i'd like to use linux+adito to initiate that secure connection is so i can monitor incoming connections to that port/box better. i haven't had the best of luck setting up filters on 2k8's built-in firewall.

crap, now you have me second-guessing myself. i thought i was on the right track closing off the open port directly to that production server, which houses confidential info at times. it's a necessity for those 2 other people to have direct RD access into it from outside the network, due to the current setup.

Edited by skipples

oh, i'm sorry. i guess i misread what you were saying about all that. although that is a simple alternative too, it's not the easiest way to the end user maybe? you'd have to set up putty for them, etc. yes, one of them uses xp at home, but the boss uses a mac.

i'm a huge user of ssh for all kinds of things so i love that option, but is there any real advantage over that compared to using the web based ssl/vpn adito?


I think Adito would be a good option for a VPN setup, since you can allocate local resources and access them over the internet without having to open too many port forwards on the firewall, a good practice from a security standpoint.

But on the other hand, SSH would be a bit more secure than the SSL VPN itself.

Just my opinion, by the way.

Edited by Infiltrator

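The SSH option suggested in the thread, sketched as an added example (not posted by anyone in the thread): an OpenSSH server config for the headless Linux box that lets the two remote users open a tunnel to the server's RDP port and nothing else, so the modem's single forwarded port points at SSH instead of RDP. The account names, the gateway host name, the 192.168.1.10 server address and port 3389 are assumptions for illustration.

```conf
# /etc/ssh/sshd_config on the gateway box (constructed example)
# Assumed names: accounts "admin", "boss", "employee";
# RDP server at 192.168.1.10:3389 (substitute the real address and port).

# Key-based logins only; this box faces the internet on the one forwarded port.
PasswordAuthentication no
# Named ChallengeResponseAuthentication on older OpenSSH releases.
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
MaxAuthTries 3

# Only these accounts may log in at all; "admin" is the maintainer's own.
AllowUsers admin boss employee

# Record the key fingerprint used for each login.
LogLevel VERBOSE

# Default for every account: no forwarding of any kind.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no

# The two remote users get a tunnel to the RDP port and nothing else:
# no shell, no terminal, no other destination on the LAN.
Match User boss,employee
    AllowTcpForwarding local
    PermitOpen 192.168.1.10:3389
    PermitTTY no
    ForceCommand /bin/false

# Client side, OpenSSH on the Mac (PuTTY on XP has an equivalent
# setting under Connection > SSH > Tunnels):
#   ssh -N -L 13389:192.168.1.10:3389 boss@gateway.example.com
# then point the RDP client at localhost:13389.
```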