Joe O'Connell
joeo at appoli.com
Thu Apr 23 10:09:47 CDT 2009
John,

Thank you for the response, as usual your explanation is detailed, informative and easy to understand.

Joe O'Connell

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Thursday, April 23, 2009 9:41 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] From a reader -- about migrating Access data to SQLServer on the Web

Joe,

> My understanding is that none of your servers are open to the "outside" world, and the only users are those on your own internal network.

That is correct. My network is as secure as I can make it given my limited knowledge of network security. I have a router with a built-in firewall, I run software firewalls on each and every computer, I have anti-virus software running on every machine etc. Furthermore, at this point in time I have no one other than myself authorized to get in to the network. I have had a couple of times when I had people remote in to help me. I set up a user for them and then turn that user off (or remove the user entirely) when they are done.

> You have raised another question that I would like to see discussed more fully. Under what configuration is a VPN necessary? What are the advantages/disadvantages of using a VPN?

I am not a Notwork guy so I am not the best person to answer the VPN question but I will volunteer what I think I know. A VPN is simply a secure communication channel, often referred to as a "tunnel", usually over the internet, which allows communications between a remote computer and a server or network. These communications are encrypted and secured so that they cannot be snooped on.

So... a VPN is a "Virtual" "private" network. It is virtual because it is set up on demand instead of being a set of NICS and cables permanently in place. It is private because it is encrypted and only creates a network for those invited to join.
The VPN can be all hardware based, the router at the remote computer establishes a VPN "tunnel" to the router at the server end. In this case the VPN literally extends the network at the server side to be visible at the remote side. Essentially the remote computer just becomes another computer on the LAN.

The VPN can also be software based, which is what Hamachi does. In this case the VPN is established between two specific computers - the remote and a single specific server. In this case the remote computer is not directly on the LAN but rather can communicate securely with the server running the VPN software (Hamachi in this case), but can ONLY communicate with the server running the VPN software.

I use Hamachi because it usually works well, is free, and is easy to set up. I have Hamachi running on every machine that I want to directly access. Hamachi assigns a unique IP address in the 5.x.x.x range to each computer in the world running Hamachi. Thus if I have a set of machines, each running Hamachi, I can see each machine as a specific 5.x.x.x IP. Hamachi then allows me to set up one or several "networks" of any machines running Hamachi that I "own", i.e. that I have the Hamachi password and IP address for. Thus I can build a "Hamachi VPN" of just one machine and my laptop, or a dozen or more machines and my laptop. Or I can create many different networks with different machines.

Inside of the Hamachi application, the "network" displays all of the computers in that "LAN" and I can do anything I would on a normal LAN. I can run remote desktop IF the remote machine has the RD service running. I can run VNC IF the remote machine has the VNC service running. I can view shared directories on the remote machine. I can print to shared printers on the remote machine. Etc.

One thing that I use my Hamachi VPN for is browsing the internet when I am at a hotel, and in particular if I need to buy something or view my banking etc.
By setting up the VPN, I can "remote desktop" into one of my machines at home. The VPN channel is encrypted and secure directly from my laptop to a specific machine at my home office. Now I can use RD to open a browser on the server at home. I can browse, order stuff on a credit card, view my bank accounts etc. and not have to worry about my browsing being snooped by someone sitting in the parking lot of the hotel recording the guests, looking for account numbers or passwords etc.

The VPN does have overhead involved, i.e. it does slow down the process of whatever you are doing relative to a physical LAN but in cases where you need these capabilities you are usually willing to give up the speed in order to gain security.

And that is what I think I know.

John W. Colby
www.ColbyConsulting.com

Joe O'Connell wrote:
> John,
>
> My understanding is that none of your servers are open to the "outside"
> world, and the only users are those on your own internal network. At
> home I have a similar small network that incorporates both wired and
> wireless PCs. This is also a closed network that is not open to the
> outside world.
>
> At the other end of the spectrum, my company provides hosting services,
> so all of our servers must be open to the "outside" world. These servers
> are located in a data center that has been designed for this purpose and
> that has all of the "normal" security features such as climate control,
> power backup, multiple fiber connections from multiple vendors,
> redundant hardware, fire walls, etc.
>
> Your setup works for you, so I would not change it just for the sake of
> change. AFAIK Terminal Services are a standard service of Windows
> Server 2003.
>
> Susan's question concerned giving access to an Access application
> remotely. In my answer to her, I should have included a caveat that I
> was assuming that the server sits behind a firewall and is already
> available to outside users.
>
> You have raised another question that I would like to see discussed more
> fully. My forte is application development, not system or network
> management which I leave to others, so my knowledge of these areas is
> limited. Under what configuration is a VPN necessary? What are the
> advantages/disadvantages of using a VPN?
>
> Joe O'Connell

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com