My office has computers and we want to access them from home. What should I be aware of?
There are two general approaches to allowing people to connect to your office network: Dial-In or through the Internet.
1. Dial-In. By installing a remote access service (such as RAS, which is built into many Microsoft Windows products), computers anywhere in the world with a modem can dial a phone number assigned to that computer and connect. RAS can be configured to require logon IDs and passwords. Additional security mechanisms can also be configured. The drawbacks of Dial-In/RAS can be slow speed and the need for modems.
2. VPN. A Virtual Private Network (VPN) is a connection made to your office through the Internet. It is considered "Virtually" private because, even though it goes through the Internet, specific information such as IP addresses, logon IDs, and passwords must be known to connect. VPNs have proven to be a fairly secure approach to allowing remote access. Here are the steps to take to secure your VPN from hackers:
- For your VPN to work, you need a DEDICATED IP address. This is not a standard feature of residential DSL or cable modem connections. It is possible to work around this limitation by using a Dynamic DNS hosting service.
- Use a VPN IP address that is not used for other purposes. Hackers are more likely to spend time investigating a web site's IP address, to see whether it is also a VPN entry point, than investigating other IP addresses. Therefore, you should have your web site hosted on a different IP address than your VPN.
- DEFINITELY use a router. A router not only allows all the computers in your office to get on the Internet, it becomes the only hardware directly exposed to the Internet. If you do NOT use a router, it is very likely that hackers can probe your IP address and discover what operating system your computer is running and the version of that operating system, and from there exploit the known vulnerabilities for that OS version. A router hides the computers and their operating systems from exposure. By default, most routers will be configured to allow only traffic from the inside to go out. To allow traffic from the outside to come in, you should open only the specific ports necessary. For VPN from Microsoft, you need to open port 1723 on your router and direct it to the server running the VPN (RRAS) services.
- Use complicated user names and passwords. If hackers discover that you have a VPN (and they will), they only need to guess the user name and password to get onto your network. I recommend that all logon IDs and passwords have at least 6 characters, 1 or more of which is a number.
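
To confirm that the router exposes only what the router step above intends, the following added example (not part of the original FAQ) checks your own public address from outside the office and reports any TCP port that answers besides 1723. The list of ports to check, the placeholder address 192.0.2.10 and the function names are assumptions made for the illustration, and only TCP is tested.

```python
import socket
import sys

# Intended inbound exposure: only the VPN port named in the router step above.
ALLOWED_INBOUND = {1723}
# Constructed sample of commonly exposed TCP services to check alongside it.
COMMON_PORTS = [21, 23, 25, 80, 135, 139, 443, 445, 1723, 3389]


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_exposure(host, ports, allowed=ALLOWED_INBOUND, probe=is_open):
    """Compare what answers on `host` with the intended forwarding list.

    Returns (unexpected, missing):
      unexpected - ports that answer but are not in `allowed`
      missing    - allowed ports that do not answer (forwarding rule broken)
    """
    allowed = set(allowed)
    checked = set(ports) | allowed
    open_ports = {p for p in checked if probe(host, p)}
    return sorted(open_ports - allowed), sorted(allowed - open_ports)


if __name__ == "__main__":
    # Run from outside the office against your own public address.
    # 192.0.2.10 is a documentation placeholder, not a real host.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    unexpected, missing = audit_exposure(target, COMMON_PORTS)
    for port in unexpected:
        print(f"EXPOSED: {target}:{port} answers but is not on the allow list")
    for port in missing:
        print(f"DOWN: {target}:{port} should be forwarded but does not answer")
    sys.exit(1 if unexpected or missing else 0)
```

The script exits with status 1 when anything unexpected answers or the VPN port does not, so it can be rerun after every router configuration change.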