Access to Win2000 Server shares via the internet

[Guest]

Hi I have a Win2000 Server with multiple user accounts, behind a Microsoft
ISA Server,with a dedicated connection to the internet, the true external IP
is provided by third party and then nats to our ISA servers external address.
How if possible can I give access to the domain users shared folders only
via the internet connection.

Thanks for any help
Mark H

 

[Lanwench [MVP - Exchange]]

Hi I have a Win2000 Server with multiple user accounts, behind a
Microsoft ISA Server,with a dedicated connection to the internet, the
true external IP is provided by third party and then nats to our ISA
servers external address. How if possible can I give access to the
domain users shared folders only via the internet connection.

Thanks for any help
Mark H

VPN.

 

[TheDragon]

a simple way could be a virtual directory on a web server. Turn off
anonymous access, then the users have to authenticate. Use https and even
better.

 

[Leythos]

Hi I have a Win2000 Server with multiple user accounts, behind a Microsoft
ISA Server,with a dedicated connection to the internet, the true external IP
is provided by third party and then nats to our ISA servers external address.
How if possible can I give access to the domain users shared folders only
via the internet connection.

If you do this by any means other than a VPN connection you are asking
for all sorts of security issues.

 

[TheDragon]

Whats wrong with Https with authentication?
I see no real issues is a secure SSL certificate is available.

Yes VPN is the safest, but not the simplease way to set up.

 

[stuartm]

I don't see *much* wrong with this either - as long as you've got strong
password policies it *should* be fine. One of the key things is that you
should force passwords to change more often than usual - I have seen
many occasions where somebody has accessed a virtual web directory and
have saved their passwords in the browser window! This is especially bad
if users will be accessing the virtual directories from public computers
(internet cafes, libraries, etc...)

S.

 

[Leythos]

I don't see *much* wrong with this either - as long as you've got strong
password policies it *should* be fine. One of the key things is that you
should force passwords to change more often than usual - I have seen
many occasions where somebody has accessed a virtual web directory and
have saved their passwords in the browser window! This is especially bad
if users will be accessing the virtual directories from public computers
(internet cafes, libraries, etc...)

There are many reasons that I would never do it - the first of which is
that you have to be running IIS and unless you know enough to secure it
you open an entire range of security problems - and he's already
presented the notion that he doesn't understand security based on his
posts.

A VPN option is simple, easy to setup, is designed for the requested
activity, and provides access to the server as though the users were
connected to the server network, not just through a web interface.

It would take the average IT person, already familiar with 2K, about 15
minutes to setup RAS/VPN, and it would take the average Windows 2000/XP
user about 5 minutes to setup a VPN/PPTP connection from anywhere to the
server.

 

[Lanwench [MVP - Exchange]]

There are many reasons that I would never do it - the first of which
is that you have to be running IIS and unless you know enough to
secure it you open an entire range of security problems - and he's
already presented the notion that he doesn't understand security
based on his posts.

A VPN option is simple, easy to setup, is designed for the requested
activity, and provides access to the server as though the users were
connected to the server network, not just through a web interface.

It would take the average IT person, already familiar with 2K, about
15 minutes to setup RAS/VPN, and it would take the average Windows
2000/XP user about 5 minutes to setup a VPN/PPTP connection from
anywhere to the server.

I agree. VPN is the right way to go.