|    comp.dcom.vpn    |    VPN protocols, clients, awesomeness    |    2,349 messages    |
|    Message 1,011 of 2,349    |
|    Joe Morris to @@bogus    |
|    Re: How does VPN work?    |
|    29 May 04 14:54:13    |
   
   From: jcmorris@mitre.org   
      
   "@@bogus" wrote:   
      
   > My boss needs to access the network resources from his home. Mainly the   
   > files on the system. Can you explain to me from a user perspective how it   
   > works?   
      
   > - When the user connects to the network what does he see? and how would he   
   > be able to use a mapped drive?   
      
   The answer depends on how your system/network is connected to the   
   Internet. More below...   
      
   > - My next question is do I have to be running terminal server?   
      
   Not necessarily. Again, more below...   
      
   > I am thinking   
   > of the Symantec SGS 320 or SGS 360R which allow client to gateway. Our   
   > current device supports gateway to gateway, so we will probably put it at   
   > his home and put the new one in the office.   
      
   I don't know those products; from the subject: line of your posting I   
   assume that they are VPN appliances.   
      
   Essentially, a VPN ("Virtual Private Network") provides a secure bridge   
   between two trusted nodes across an untrusted path, using encryption   
   to ensure the security and integrity of the data while it is passing   
   through the untrusted segments. A frequently-used comparison is to the   
   US Mail: you seal a message in an envelope in your (trusted) home; send   
   it through the (untrusted) Post Office, who delivers it to the (trusted)   
   home of Aunt Emma, who opens the envelope.   
      
   With a VPN, the client machine is typically opening a path directly to   
   the *network* of an organization, and has most of the "rights and   
   privileges" of computers that have a direct physical connection to   
   the company's network. In many cases, the remote user with a VPN   
   connection can do everything that a local user can do, and unless   
   you would use it from a machine at the office there's probably no   
   need to use the MS Terminal Services feature from home.   
      
   One critical issue for your boss is where the VPN client resides. If   
   it's an external box that sits between his home network (or standalone   
   computer) and the Internet, then the above is probably correct. If   
   the client is a software package installed directly on his system,   
   he may be able to connect to the network, but might *not* be logged   
   into your network operating system and thus would not automatically   
   have access to its resources. This isn't an insurmountable problem   
   but can take a long time to explain.   
      
   And even if you're comfortable with the *functional* issues, *PLEASE*   
   have someone competent in network security go over your implementation.   
   It's far, far too easy for a network change -- especially one which   
   provides a path that bypasses your firewall -- to inadvertently open   
   a catastrophic security hole that lets the nasty people into your   
   network. And don't forget the need to have firewall logs and a   
   decent IDS ("Intrusion Detection System") -- and have someone who   
   is qualified to, and does, routinely review the firewall and IDS logs   
   for suspicious activity.   
      
   Joe Morris   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
(c) 1994, bbs@darkrealms.ca