Is replication the right tool in these circumstances?

[David Anderson]

Thanks, guys, for pointing out that key flaw in my naive assumption about
in-house testing. No doubt I'll have more questions if and when I make a
serious attempt at setting up a VPN.

David

 

[David W. Fenton]

Note that my webserver is a fully patched Windows 2003 Server
system with no firewall/router in place other than what comes with
Windows 2003 Server. Also note that I hit it via Terminal Server
without going through a VPN which horrifies some people. We also
renamed the administrator account and the two of use have our own
admin accounts we run to do things on it. The administrator
account is our backup in case we forget the password or lock
ourselves out.

It would be safer to create new admin accounts and remove the
default admin account from the adminstrators group. Why? Because the
SSIDs of the default admin accounts are discoverable, and that
doesn't change when you rename them.

And you should still use a VPN rather than having multiple ports
open to the Internet. A VPN means you need only the VPN and web
server ports open (well, unless you're running a mail server). The
point is that with a VPN all user interaction with your network
*and* your server comes through the single VPN port, as opposed to
needing multiple ports open for various task (remoted desktop, SSH,
etc.).

 

[David W. Fenton]

Thanks, guys, for pointing out that key flaw in my naive
assumption about in-house testing. No doubt I'll have more
questions if and when I make a serious attempt at setting up a
VPN.

If you have dialup Internet available, you could test it that way,
i.e., disconnect one machine from the LAN, connect to the Internet
over dialup, and then try to get to the other machine via the VPN.
This is what I'd do to test such a configuration on my home office
setup.

 

[David Anderson]

That sounds like an excellent suggestion. I've still got a couple of modems
gathering dust in a cupboard.

Thanks,
David