Hi James,
Sorry no gateway device in place. Just a basic IPsec VPN between our internal LAN and the network at our Data Centre. We operate 2 x GB-2500 firewalls from GTA, at our Data Centre we're using 2 x Cisco ASA 5520's for resilience. Regards, Rab. ============================================================= Robert Jackson Phone: +44 (0) 141 332 7999 IT Manager Fax: +44 (0) 141 331 2820 Walker Martyn Ltd 1 Park Circus Place Email: [email protected] <mailto:[email protected]> Glasgow G3 6AH, Scotland Web: http://www.walkermartyn.co.uk <http://www.walkermartyn.co.uk/> ============================================================= From: James Rankin [mailto:[email protected]] Sent: Thursday 07 July 2011 10:43 To: NT System Admin Issues Subject: [email protected] - Re: How To Stop/Limit Attempted Hacking Over The Internet - Found word(s) risk free in the Text body What sort of VPN solution are you using? Don't you have a device (like a Citrix Access Gateway) sitting between your servers and the external world to facilitate secure connections? On 7 July 2011 10:30, Robert Jackson <[email protected]> wrote: We're having an issue at our Data Centre, where by our customer Internet facing Terminal Servers are under attack on a more frequent and sustained basis. We have selectively been blocking the offending public addresses. However as you can imagine, this exclusion list will only continue to grow and become unmanageable. As of yet we do not have any ACL's in place that identify the our/customer traffic from non-customer traffic - which is pretty much the root cause of this issue. It is like this for a couple of reasons: 1. Some of our customer users have the ability to connect to these servers from their homes (i.e. access out with their parent company LAN) where their broadband connection would potentially have a dynamic IP address. 2. From our own perspective, if we were to lock down access to these servers by IP addresses, then we ourselves become at risk (in terms of not being able to provide customer support, especially since we have some pretty rigid SLA's in place). If the VPN to our Data Centre goes down, we would have to send people home to continue working. Therefore we have the same issue(s) as outlined in point 1. Above. Therefore I would be interested to know how other people are handling the same/similar situations and any recommendations you may have? Regards, Rab. ============================================================= Robert Jackson Phone: +44 (0) 141 332 7999 IT Manager Fax: +44 (0) 141 331 2820 Walker Martyn Ltd 1 Park Circus Place Email: [email protected] <mailto:[email protected]> Glasgow G3 6AH, Scotland Web: http://www.walkermartyn.co.uk <http://www.walkermartyn.co.uk/> ============================================================= ************************************************************************ The information in this internet E-mail is confidential and is intended solely for the addressee. Access, copying or re-use of information in it by anyone else is unauthorised. Any views or opinions presented are solely those of the author and do not necessarily represent those of Walker Martyn Ltd or any of its affiliates. If you are not the intended recipient please contact [email protected]. Walker Martyn Ltd, company number SC197533. Company is registered in Scotland and has its registered office at 1 Park Circus Place, Glasgow G3 6AH, UK. **************************************************************** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ***** IMPORTANT INFORMATION/DISCLAIMER ***** This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress...... The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets At Home yesterday. We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
