Ah Peter, take a leaf out of your old employer's book, connecting to a big Uni. XP SP2 firewall does firewall PPTP VPNs. When connecting into any of my client sites the firewall is always on. Try it with ZoneAlarm and see how many pop-ups there are. Some networks are rife. If the IP ranges are the same the VPN will still connect but you won't be able to connect to anything, remember doing that in the old, now defunct totalhealth offices?
ICS is banned everywhere I go.

Andrew.C

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Twyford
Sent: Monday, 12 March 2007 10:56 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] Internet redundancy

Peter Machell wrote:
>
> A VPN tunnel connects and routes traffic between two or more networks
> as if they were on the same LAN. Usually, you will be using the same
> IP range for both sides, negating your software firewall (as it is set
> to not block LAN traffic).

No, the two networks have different IP ranges; that is a requirement with the technology in use.

> So a worm like Nimda that can spread through the MS SMB ports (File
> and Print Sharing) would just bounce straight through the VPN and
> infect everything.

Nup, these don't come into play at all. Remote printing relies on the PcAnywhere remote printing facility.

> You probably don't have all 65K ports open on your PC, provided it's
> XP SP2 or better, but I argue that exposing anything just for the
> purpose of remote access is a problem.

How can you have remote access without exposing something on the host LAN to whoever is wanting access from the remote LAN, by some means or other?

> Also, if one of the PCs on either network is acting as a router (ICS,
> Wireless Ad-Hoc) you don't even know what you are exposed to.

Nup, we don't do that either.

> SSH is an elegant solution to this problem. You only need one port
> open on a router, and can set it so there is no access to any of the
> system except the tunneled connector port for RDP or similar. You can
> easily use a secure token and / instead of a password. Once set up, the
> connection is dead easy for the user to operate, etc.

The VPN relies on the IKE, the IPSEC encryption, the host's Windows password and the access password for VNC or PcAnywhere. Again, I need to check for myself what port or ports are involved, which is something I should know.

Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
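
The point raised at the top of this message, that a VPN between two sites using the same IP range connects but cannot reach anything, shown as an added example that is not part of the original thread. It uses a simplified route lookup (longest prefix first, then lowest metric); the addresses, interface names and metrics are constructed, and the on-link LAN route is assumed to have the lower metric.

```python
import ipaddress

def overlaps(local_nets, remote_nets):
    """Return every (local, remote) pair of CIDR ranges that share addresses."""
    pairs = []
    for l in map(ipaddress.ip_network, local_nets):
        for r in map(ipaddress.ip_network, remote_nets):
            if l.overlaps(r):
                pairs.append((str(l), str(r)))
    return pairs

def pick_route(dest, routes):
    """Simplified route lookup: longest prefix wins, then lowest metric.
    routes is a list of (interface, cidr, metric) tuples."""
    addr = ipaddress.ip_address(dest)
    best = None
    for iface, cidr, metric in routes:
        net = ipaddress.ip_network(cidr)
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, iface)
    return best[1] if best else None

# Constructed sample: remote PC's LAN and the practice LAN both use 192.168.1.0/24.
CLASH = [("lan", "192.168.1.0/24", 10), ("vpn", "192.168.1.0/24", 30)]
# Constructed sample: the practice LAN renumbered to a distinct range.
DISTINCT = [("lan", "192.168.1.0/24", 10), ("vpn", "10.20.30.0/24", 30)]

if __name__ == "__main__":
    # Check the two sites' ranges before building the tunnel.
    print(overlaps(["192.168.1.0/24"], ["192.168.1.0/24"]))
    # Traffic for the practice server stays on the local LAN: tunnel up, nothing reachable.
    print(pick_route("192.168.1.50", CLASH))
    # With distinct ranges the same lookup sends the traffic into the tunnel.
    print(pick_route("10.20.30.50", DISTINCT))
```

A partial overlap, such as a /16 on one side containing the other side's /24, is reported by `overlaps` as well and is worth checking before a tunnel is configured.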
