Peter Machell wrote:
A VPN tunnel connects and routes traffic between two or more networks as if they were on the same LAN. Usually, you will be using the same IP range for both sides, negating your software firewall (as it is set to not block LAN traffic).
No, the two networks have different IP ranges, that is a requirement with the technology in use.
So a worm like Nimba that can spread through the MS SMB ports (File and Print Sharing) would just bounce straight through the VPN and infect everything.
Nup, these don't come into play at all. Remote printing relies on the PcAnywhere remote printing facility.
You probably don't have all 65K ports open on your PC, provided it's XP SP2 or better, but I argue that exposing anything just for the purpose of remote access is a problem.
How can you have remote access without exposing something on the host LAN to whoever is wanting access from the remote LAN, by some means or other?
Also, if one of the PCs on either network is acting as a router (ICS, Wireless Ad-Hoc) you don't even know what you are exposed to.
Nup, we don't do that either.
SSH is an elegant solution to this problem. You only need one port open on a router, and can set it so there is no access to any of the system except the tunneled connector port for RDP or similar. You can easily use a secure token and / instead of a password. Once set up, the connection is dead easy for the user to operate, etc.
The VPN relies on the IKE, the IPSEC encryption, the host's Windows password and the access password for VNC or PcAnywhere. Again, I need to check for myself what port or ports are involved, which is something I should know.
Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
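The tunnel-only SSH arrangement described in the quoted text above (one open port, no access to anything except the forwarded RDP port, key instead of password), shown as an added example that is not part of the original message or from either correspondent. It is an OpenSSH `sshd_config` fragment; the account name `rdptunnel`, the internal address `192.0.2.10` and the host name `gateway.example` are assumptions made for illustration.

```conf
# /etc/ssh/sshd_config fragment (OpenSSH server) -- added example.
# Assumed names, not from the thread:
#   rdptunnel   = dedicated account used only for the tunnel
#   192.0.2.10  = internal PC that answers RDP on TCP 3389

# Server-wide: no password logins, so only key holders can authenticate.
PasswordAuthentication no
PubkeyAuthentication yes

Match User rdptunnel
    # Require a key for this account regardless of other settings.
    AuthenticationMethods publickey
    # Allow client-to-server (-L) forwarding only, and only to one
    # destination: the RDP port of the one internal PC.
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:3389
    # No shell, no terminal, no other channels on this account.
    ForceCommand /bin/false
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no

# Client side (run on the remote PC; -N requests no remote command):
#   ssh -N -L 13389:192.0.2.10:3389 rdptunnel@gateway.example
# The RDP client is then pointed at localhost:13389.
```

After editing, `sshd -t` checks the file for syntax errors before the service is reloaded. A forward request to any host or port other than the `PermitOpen` entry is refused by the server.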
