Peter Machell wrote:
On Wed, March 7, 2007 6:01 pm, David Guest said:
Greg Twyford wrote:
How is the problem of insecure remote networks any better with SSH
RDP, as you call it?

If someone can get control of your remote PC via an insecure wireless
network, and you are running SSH to the surgery, couldn't they wreak
as much havoc as the two-year-old playing with the remote PC when it's
in VPN mode?
Greg

I think the idea is that if they get into your surgery they cannot get
back the other way to the remote connecting machines. The trouble with
VPNs is damage can keep cascading through the connected but physically
remote networks.

I'm sticking with SSH RDP.

Number of open ports required for SSH connection to any PC on your network
= 1
Number of open ports required for VPN access to a single PC on your
network = 65536 x # of PCs

Unless you have something better than the Windows firewall on each system,
the above is true. IPSEC VPN has its place - joining two networks that
can be totally trusted.

For remote access it's extreme overkill and a security risk, IMNSHO.

cheers,
Peter.

Peter,

It's a hardware-based IPSEC VPN I'm talking about. The tunnel is set up to allow access from the remote to the practice and no tunnel back the other way. VNC or PcAnywhere [if remote printing is desired] run inside the tunnel. Separate tunnels are set up for each machine to be accessed, usually only one or two, as they are left running and are on a UPS.

I'm not sure if the very high number of open ports you mention is needed in this scenario. Admittedly the routers in question handle this silently, but I thought only one.

Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
