I was in the same problem just on January, and this is what we decided: - Users only can connect to the network if they use an office notebook with a VPN configuration - Users who wants to login from different computers, just can access to a public fileserver (where we store public information) in the DMZ zone. - Access to databases and intranet are only allowed through VPN connections. Mauricio Fernández S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez@xxxxxxxxxxxxxxx www.fdta-valles.org Cochabamba - Bolivia -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Berry Sent: Thursday, May 12, 2005 7:28 PM To: windows2000@xxxxxxxxxxxxx; oclug@xxxxxxxxx Subject: [windows2000] Remote connection Our company has reached the stage where some managers are starting to want remote access to the network from the road and/or their house. The obvious solution is to install a VPN, however they are insisting on using their own equipment for cost/convenience reasons. Given that several of these individuals are routinely infected, manage to delete their own firewall software, etc. I'm not too excited about the prospect of opening our network up that way. My first response was to insist that they either use company equipment, or have a second drive/partition set up by IT and used only for work. This is not proving as easy, cheap or convenient as it needs to be to convince them. At the moment we're deadlocked on convenience/price vs. security. One possiblity I've been thinking about is terminals. I won't be able to control the OS of the users system, and it's most likely to be some flavor of MS, even though we're heading towards a mixed environment here at work. If a user opens up a remote terminal window on an infected home machine, can the infection migrate from the host to the terminal session? Are there any security implications here? I'd like to solicit some additional opinions on options of how to handle this situation. I'm in the research phase right now, so any and all possible solutions are welcome. -- Chris Berry chris_berry@xxxxxxxxxxxxxxxxx Information Advisory Manager JM Associates "There is nothing so useless as doing efficiently that which should not be done at all." --Peter Drucker ******************************************************** This Weeks Sponsor: Straymonkey.com Excellent web templates, fonts, and downloads on this new site brought to you by The Kenzig Group http://www.straymonkey.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm