Small business VPN security?

[TS]

What security measures are recommended and practical for a small
business with fewer than 20 remote users/telecommuters on home PCs
etc.?

Are there ways to prevent connection unless up to date and functioning
anti virus program and software firewall is running on the VPN client
and so on?

I have also thought about having remote users use terminal services
rather than connecting their personal PCs directly to the network
through VPN, but I heard terminal services client licensing is very
expensive.

 

[Matt Coy]

Windows Server 2003 Pricing
http://www.microsoft.com/windowsserver2003/howtobuy/licensing/pricing.mspx

 

[Lanwench [MVP - Exchange]]

With home computers, you are never going to be able to ensure that they've
been properly secured, let alone figure out to support them if the user has
any connectivity issues, as you don't know what's on them. There are third
party IPSec VPN solutions that will disable all non-VPN traffic once the
tunnel has been established, but that will not protect you from trojans,
virii, whatnot, that may be on the client computer.

If you can't allow access only from corporate laptops that you've configured
and locked down properly so that the users cannot make any changes, you
really should look into terminal services on a dedicated TS box....yes, it's
somewhat expensive, but probably less so than recovering from a major
network failure should a compromised machine end up compromising your
network.

 

[Jeffrey Randow (MVP)]

The type of system you refer to in your second paragraph is now
available when using a Windows 2003 Server-based VPN. It will allow
you to quarantine an incoming VPN or dialup connection in order to
update it's AV and patches prior to allowing it to access the main
network... It is a bit complicated to setup, though, as it requires
scripting resources to work...

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Smart Display Support - http://www.smartdisplays.net
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone