--------------------------------------------------------------------- SearchWin2000.com's Administrator Tip --------------------------------------------------------------------- TODAY'S ADMINISTRATOR TIP: Save your bacon with a VPN ===================================================================== SPONSORED BY: VeriSign - The Internet Trust Company ===================================================================== Protect your servers with 128-bit SSL encryption! Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here! http://www.verisign.com/cgi-bin/go.cgi?a=n016030120008000 <http://www.verisign.com/cgi-bin/go.cgi?a=n016035440014000> ===================================================================== "Save your bacon with a VPN" By David Gabel When you have a lot of remote users, and who doesn't these days, you need some way to connect them to the home office. But at the same time, you need to make sure that they are connected securely. That means, no one can see what the user is doing, and, similarly, outsiders can't piggyback onto your remote users' connections into the home office and wreak havoc. VPNs are one solution. These software constructs surround your network connections to your remote folks with layers of encoding, controlled by various protocols, that make it tough (nothing is impossible) to break into the channel. This way the legitimate users can connect to your home office and get the data they need, while outsiders are kept...outside. VPNs increase overhead, so operation will be slowed down quite a bit. For example, I interrupted writing this tip to test the connection speeds here at my remote office with three computers. All the computers are connected through a cable router to a local cable ISP. One is a Sony Vaio PCGF520, with 200M bytes of RAM and a 500-MHz processor. It's connected to our corporate VPN. One is a Dell Dimension with a 750 MHz Pentium III processor and 256M bytes of RAM, not connected to the VPN, and the third is a slow old dog, a Gateway P5-90, upgraded to 200 MHz, with 40M bytes of RAM. The last one can barely get out of its own way, and I use it more as a print server and modem server than anything else. I went to PC Pitstop (www.pcpitstop.com) and conducted that site's Internet download test, downloading 500K bytes into each computer. The old dog came in with a speed of 866K bit/sec., not great, but not awful (the connection has a theoretical max speed of 10M bit/sec. The Dell speedster delivered some impressive performance, clocking in at 1619K bit/sec., only about 16% of the theoretical max, but still double the speed of the old dog. Neither of these is connected to our corporate VPN. But the Vaio, which isn't any slouch, and is connected to our VPN, dawdled along at only 625K bit/sec., 241K bit/sec. slower than my resource-starved old dog. That test isn't definitive, of course, but it gives an idea of the performance hit your users may take with a VPN. Moreover, some VPNs are a bit cranky. Frequently we'll see a message from some erstwhile remote user of our VPN that he's unable to stay on it. Personal experience indicates, however, that the good days FAR outnumber the bad, and it's clear that the security advantages hugely outweigh the performance disadvantages of using a corporate VPN for remote connections. Microsoft has a new link on its home page that takes you to a page headed Professor Windows (http://www.microsoft.com/technet/profwin/default.asp) that discusses deploying VPNs. This page will probably give you more than enough information to get you started in deploying your own VPN. If you want to give setup a try, follow the procedure below, which is on a link from the Professor Windows page. (One note of caution -- this page will probably change content periodically, so if you go to it in a month or so it may not discuss VPNs any more.) "To configure a VPN server, your computer must have at least two interfaces. To setup a Windows 2000 server for VPNs, use the following procedure: 1. Open Routing and Remote Access console in the Administrative Tools folder 2. Right-click the server and then click Configure and Enable Routing and Remote Access 3. The Routing and Remote Access Server Setup wizard starts; click Next 4. Select Virtual private network [VPN] server, and click Next 5. Select or add a remote client protocol and click Next 6. Specify the Internet connection for the server and click Next 7. Choose a method to assign IP addresses to the clients, either automatically or from a specified range of addresses, and click Next 8. The next screen gives you an option to either configure this server to use a RADIUS server or skip this step for now 9. Click Finish to complete the Routing and Remote Access Server Setup wizard." Using a VPN isn't a simple matter, but you can start to test and make sure you have the bugs out of your installation. Then follow with deployment as the installation proves its worth. --------------------------------------------------------------------- David Gabel is executive technology editor of techtarget.com, parent of searchWin2000.com. ===================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DID YOU LIKE THIS TIP? ===================================================================== Whether you loved it or hated it, why not let us know? Just email us at mailto:[EMAIL PROTECTED]. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ===================================================================== SPONSORED BY: Quest Software ===================================================================== FastLane ActiveRoles 3.0 provides enhanced policy enforcement for Active Directory, Windows 2000 and Exchange 2000. Administrators can perform role-based administration over the existing Domain/OU structure, in addition to creating alternative business views, which can consist of any combination of Active Directory objects. The administrator can also define and enforce corporate policies to ensure consistent directory data across the enterprise. For more information go to http://www.quest.com/ads/active_roles_SearchWin_4-24.asp. ===================================================================== FEATURED BOOK ===================================================================== "Demystifying VPN (Virtual Private Networks)" Author: Michael Busby Publisher: Wordware Publishing Published: Nov. 2000 "Demystifying VPN" is intended to help those individuals with little or no knowledge of internetworking understand VPNs and how they fit into the overall networking environment that includes TCP/IP. The material is presented in a logical fashion, beginning with the basic business reasons for selecting VPNs as a communications solution to the fundamentals of networking and the complexities of VPNs. http://www.digitalguru.com/dgstore/product.asp?isbn=1556226721&ac_id=73 ===================================================================== TIP OF THE MONTH CONTEST! ===================================================================== Introducing searchWin2000's Tip Exchange -- a place for you and your peers to read and submit technical tips! The Administrator tip category is really hot! We've already received over 40 user-submitted tips! Check them out today and be sure to vote on them, because tip ratings count toward winning the ultimate prize -- a Sony Vaio Music Clip 64MB MP3 Player! Submit your own tip while you're there, and you'll be eligible to win, too. (Categories include Administrator, Developer, Exchange, Security and Migration.) http://searchwin2000.techtarget.com/tipsIndex/0,289482,sid1_tax5e3,00.html --------------------------------------------------------------------- TAKE OUR NEW SURVEY --------------------------------------------------------------------- Don't miss out on your chance to be part of an extensive survey being conducted by searchWin2000 and a handful of other techtarget.com sites. Here's your chance to weigh in on what platform or platforms your company uses to run mission-critical applications. Also, tell us what your ideal network would be and what you would do if you could make all of the technology decisions for your company. Just click on the link below to take the survey now. http://www.insightexpress.com/ix/showSurvey.asp?id=26642&accessCode=5477574934&noemail=true ===================================================================== VISIT OUR DISCUSSION FORUMS! ===================================================================== And don't miss out on searchWin2000's popular Administrator forum! Get in touch with peers, stay up-to-date on the latest administration issues, and get help with your own Win2k woes. Check it out at http://searchwin2000.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]. ===================================================================== To Remove your email address from the distribution list for this specific newsletter "Reply" to this message with REMOVE in the subject line. You will receive an email confirming that you have been removed. To Remove yourself from additional distribution lists or to update your preferences, go to the searchWin2000.com registration page at: http://searchWin2000.techtarget.com/register
