Virtual Private Networks

[Ethan Robert]

Hi,

As per the requirements in the organization we work, we need to allow a private virtual network of all to access the files or web services within their PCs. I browsed the internet to acquire the knowledge on the same but was unable to achieve fruitful results.

Anybody please suggest some software that has the ability to share over two standard protocol units. We require some easiest way to protect our company’s data. We need security at times of incidents like rootkit attacks and zero-day vulnerabilities.

Any help in this regard would be highly appreciated.

Thanks,

E.Robert

[Samuel Jacob]

Have you heard about the technology called Desktop Virtualization?

Numbers of software vendors are rolling out desktop-virtualization offerings. They simply manage entire lifecycle of virtual desktops making it easy to create, deliver, secure, update, and control the virtual desktop.

You can look forward depending upon the requirements at your organization.

[Derek Zeller]

The question is somewhat unclear.

If you need VPN-access there's always the built in functionality of RRAS in Windows Server 2008 and a lot of 3rd party products.

If you need to secure your clients you could always use bit locker if you run Windows Vista, combined with a server/domain-isolation with a NAP-solution you could ensure that only approved clients can connect to your servers. Protection against viruses and malware could be provided by any 3rd-party product or Windows Defender / Forefront client security.

[Samuel Jacob]

Choosing the best method really depends on what kit you've got in place already and your budget as most VPN technology is pretty much along the same lines.

If you've got a "good" external firewall, then you should be able to setup PPTP or L2TP VPN tunnels directly to that from the clients. Some firewalls even come with their own software clients that you install on the client PC. Otherwise most OS's will allow you to create VPN's natively.

Personally we run a mixture of software controlled VPN clients as well as windows created PPTP VPN's to different office(s).

Will these protect from rootkits and 0-day vulnerabilities? Not really. However, you can back them up with a solid set of security practices, covering things from smallest surface area, least privileges, port and packet filtering to anti-virus and sign agreements / acceptable use documents.

[Ethan Robert]

You mean something like a Virtual PC? Like this:

http://www.microsoft.com/windows/pro...c/default.mspx

[Derek Zeller]

As far as virtual PC is concerned, there are many vendors doing well in Virtual Desktops. Have you ever ran virtual machines, if not, I would recommend finding a vendor (VMWare, Xen, Virtual Iron, etc) and getting comfortable with local desktop vm's. Once you start looking at the server versions, things get a little more complex.

[chipsafts]

We have a Watchguard firewall and run VPN poptop on a Fedora4 pc that is behind the firewall, with the outside pc's using the "builtin" vpn clients that come with XP and Vista.
The connections can be established and internal ip addresses can be reached. But how can it be setup so that the external connections can see the LAN names which are in the internal DNS (which is hosted on a different server)?

[Resmin Hier]

I guess Ethan is correct to much extent. The discussion is directing towards something like Virtual PCs.

I have heard about the technology called “Predictive Fetching” that helps virtual computers start faster and update quickly. This technology is even cost effective and tune faster with existing configurations. Which means you’ll be able to decrease user downtime and increase user satisfaction. There are number of vendors providing similar offerings. In the recent news, it was mentioned that the version 1.0 of MokaFive's Virtual Desktop Solution is a complete virtual desktop package.

You can check it out at:

http://www.mokafive.com/

[Ian Henry]

Right Resmin. With MokaFive, you can test new applications without fear of damaging your system. In fact you could plan to expand to new areas as well.

[Resmin Hier]

MokaFive is proving itself. Their unique format for creating virtual machines is called LivePC which updates dynamically, works from anywhere, and starts up in an instant. MokaFive centrally manages the entire lifecycle of users' virtual desktops making it easy to create, deliver, secure, update, and control the virtual desktop.