work your office from home...

The easiest and best way to connect people these days is via the internet. Although there is a lot of talk of security issues and reliability, the savings far outweigh the occasional blip in services, and so many companies now use VPN (Virtual Private Networking) successfully that the amount of encrypted traffic almost precludes trying to steal information just because. Those who look for encrypted traffic just to try their hand as a hacker will always be spoiled for choice when it comes to easy satisfaction anyhow. The original MS-CHAP v1 of PPTP, which was originated by Cisco and has been used by Microsoft for some time, can be broken into completely just by downloading a simple piece of software (L0phtCrack) that could derive the username and password of a user who is logged in, without their knowledge, and then use that data to log in. Microsoft have improved the encryption and mechanism of their system by upgrading to MS-CHAP v2, but there are still flaws in the system, for instance that enough data is passed on the wire to allow attackers to mount crypt-and-compare attacks.

As a result of all this, the security market was left open for other companies to offer alternatives to the home user such as 3DES, L2TP and more recently the AES Rijndael encryption algorithm. Whichever method you are using (although don't use MS-CHAP v1; there are upgrades available no matter what OS you may be using), you can instantly see why this technology is so popular: coupled with internet broadband, it allows you to be sitting on your office data network from anywhere in the world. Once combined with VoIP (Voice over Internet Protocol), you can have your office phone and data at your fingertips at the price of connecting to the internet. No more claims for phone calls or dial-in networking for you; you can just get on with your work!

I was at a meeting with some other IT Directors the other night and the consensus was that tele-working was the next big operation that we should all be prepared for. I was actually surprised that anyone even bothered mentioning it, the situation is so obvious.

There is no right or wrong answer to which technology will suit you for VPN, but let's have a quick comparison of the most common options so that you can choose something that is better suited than most.

| Supplier & Name | Type | Encryption | Pros | Cons |
| --- | --- | --- | --- | --- |
| SonicWall VPN 2000 | Hardware Unit | SSL/HTTPS | Easy to use and configure; One off unit cost - no license per user; No client software - works using SSL like a credit card purchase on the web; Because it's SSL it fits neatly behind firewalls; Customised portal for each user; Active Directory/RADIUS/LDAP integration - no password/username setup for client or admin | Expensive compared to PPTP solutions; Is based on browser functionality - could bring problems with IE security; Is not a seamless connection - user experience is not consistent with a LAN; Email clients |
| Microsoft PPTP | Software with WinNT, 95, 98, 2000 & ISA etc, or hardware on many broadband routers | MPPE (Optional) | Comes free with recent Windows versions (since 95); Is freely upgradeable to MS-CHAP v2; Simple to configure; 'Dial-In' style is good for users and the experience is consistent with being in the office once dialled in; Supported by Macintosh and Linux | MS-CHAP v1 is easily breakable and should not be used; MPPE encryption is optional and so clients can be a security risk unless keenly monitored to be sure they are using it; Viruses etc can travel from client to server via VPN as all the ports are 'open' by default unless VPN packets are being inspected |
| L2TP and IPSec over L2TP | Software client to some routers and servers, Cisco & Checkpoint etc | IPSec AES/3DES/DES | Coupled with IPSec is encrypted and authentic; Widely used; Compatible with certificates and shared secrets | Big overheads on performance for network and processing compared to PPTP; More to configure also; Not supported well in Windows |
| AES IPSec | Some hardware routers - Checkpoint, Draytek etc | IPSec Rijndael/AES | No flaws in security have been uncovered - superior to DES/3DES; Has been accepted as the new US government standard and so will be widely used; Compatible with certificates and shared secrets | Big overheads as per 3DES and L2TP; No Microsoft client support so far without 3rd party software |

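
The two PPTP cons in the comparison (MS-CHAP v1 still accepted, MPPE left optional) can be checked in the server configuration instead of by watching clients. The following is an added example, not part of the original page: a Python audit of a pppd options file, assuming a Linux pppd-based PPTP server; both sample configs are constructed.

```python
# Added example: audit a pppd options file (as read by a Linux PPTP server)
# for the two PPTP weaknesses listed in the comparison.

SAMPLE_WEAK = """\
# constructed sample: old authentication, MPPE strength left open
name pptpd
require-mschap
require-mppe
"""

SAMPLE_HARDENED = """\
# constructed sample: only MS-CHAP v2 and 128-bit MPPE accepted
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
"""

def parse_options(text):
    """Return the set of option keywords, ignoring comments and blank lines."""
    opts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            opts.add(line.split()[0])
    return opts

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    opts = parse_options(text)
    findings = []
    # Authentication: peers must be forced onto MS-CHAP v2 and nothing older.
    if "require-mschap-v2" not in opts:
        findings.append("MS-CHAP v2 is not required")
    for weak in ("require-pap", "require-chap", "require-mschap"):
        if weak in opts:
            findings.append(f"older authentication demanded: {weak}")
    # Encryption: MPPE must be mandatory and 128-bit, never optional.
    if "nomppe" in opts or "nomppe-128" in opts:
        findings.append("MPPE (or its 128-bit mode) is disabled")
    elif "require-mppe-128" not in opts:
        findings.append("128-bit MPPE is not required")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "OK")
```
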
So in conclusion, the PPTP option is still a good one as long as you stick with the newer MS-CHAP v2 versions. MPPE supports 128-bit encryption with most systems these days, and MS-CHAP v2 seems to be good enough for the average SME as it is no longer hackable just by downloading a script or application. The ISA server option is still a little too complicated and expensive to be the right solution for SBS operations (you have to buy the server license and client access licenses for the Premier Edition of SBS), so unless you are looking for a specific aspect of its capabilities, you are better off spreading the load of a VPN server to a hardware router, as so many support VPNs and cost literally nothing. The big question is the one of voice integration. Do you want to extend the phone system to your tele-workers as well as your data? If so, then have a look at our VoIP page for more answers on how to fit VoIP into your business model.

For more information on VPN solutions and possibilities, fill in the form on the contacts page or drop us a line.