[windows2000] Re: VPN to my server

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Wed, 13 Nov 2002 14:22:50 -0500


First and foremost, verify that they are setting up a true VPN.  Ensure that
their instructions refer to either PPTP (probably not, because MS created
this, and if they are a *nix shop, they probably won't touch it with a ten
foot pole) or IPSec over L2TP.

IPSec over L2TP is the more preferable of the two.

The other option is SSH, which I have little experience with, but it might
be what they offer.  If so, take a look at a program called Putty for the
client piece.

As to the other questions...

Are you making a direct VPN connection to your new server, or to a VPN
concentrator on their network?  If it is direct to your server, make sure
there are a limited number of users with access, with complex passwords.  If
you are connecting to a VPN concentrator, are there rules that limit where a
logged in user can go when they connect?  

For example, you may have the best username/password combination in the
world, but if there are no access rules on the VPN concentrator and someone
else has a poorly thought out username and password, you could be vulnerably
by proxy, so to speak.

These rules are what may limit, for example, connections FROM your IP
address TO the web server.

As to connecting directly to terminal services, theoretically it is safe to
connect directly but I would not trust that.  This machine should only be
accessible via port 80 (and/or 443) to the outside world.

Ask more questions if you want, but I hope this helps,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.

-----Original Message-----
From: Costanzo, Ray [mailto:rcostanzo@xxxxxxxxxxx]
Sent: Wednesday, November 13, 2002 2:05 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] VPN to my server

Hi list,

So, the answer to my question could be "ask your hosting company" but
I'd like to try to know a thing or two before I do that.  I just bought
a dedicated W2K Advanced Server to host a web site.  The hosting company
is primarily a Unix company, and they offer very little W2K support.  I
told them that would be okay as long as I have Terminal Services access
to the server over a VPN.  They're fine with that, and they said they'd
set it up.

Okay, so right now, they could e-mail me and say "you need to install
this software on your computer, and this is how you access your server"
and what they tell me may be the kind of thing that someone who knows a
lot about VPNs would look at and cringe.  Like, I won't really know if
the software that they're using sucks.  And I won't really know if the
VPN is setup securely or properly or anything at all.  Can anyone give
me an idea of what I should look for to double-check their work, so to
speak?  Like, should I be connecting through SSL?  Should the connection
only allow connections from my IP address?  What else should I look for?
I don't know anything about VPNs or VPN software.

Oh, one other question I suppose.  Is it possible for me to securely
access the server over the Internet through Terminal Services without
any third party software on the server (or my machine)?

Thanks a lot,

Ray at work

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.


To Unsubscribe, set digest or vacation
mode or view archives use the below link.


To Unsubscribe, set digest or vacation
mode or view archives use the below link.


Other related posts: