I'd like an advice about VPN. Is VPN really secure??? What is a good way for teachers in an University save files in theirs folders in a file Server??? Nowadays they use VPN but I was thinking about another good way to send files when they are outside the university.My server is a Windows 2003.Thanks,

Denise_F said: I'd like an advice about VPN. Is VPN really secure??? It actually depends on how you setup your VPN infrastructure and how you view security for your implementation? Are you referring to your data being secure while in transit? For a list of whitepapers, how-tos and guides in implementing native Windows VPN technologies, you can refer to this Technet page:http://technet.microsoft.com/en-us/network/bb545442.aspx. Or if you are keen on using an open-source alternative, you may want to give OpenVPN(http://openvpn.net) a spin. Denise_F said: What is a good way for teachers in an University save files in theirs folders in a file Server??? Use encryption. Here are some readings for the Microsoft Encrypting File System (EFS):http://support.microsoft.com/kb/223316http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsck_efs_duwf.mspx?mfr=trueSalvador Manaois III MCITP | Enterprise/Server Admin Bytes & Badz : http://badzmanaois.blogspot.com

Denise_F said: Is VPN really secure?Generally speaking about VPN, i couldnt think any better way to access private networks from public ones. How VPN generally works, well the quote from WikipediaSecurity mechanisms in the VPN Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks.http://en.wikipedia.org/wiki/Virtual_private_networkSo sniffing or breaking in to the actual data is really hard. In my Opinion the best part about VPN tunnels is that when you have enabled it, you dont have to care about which protocols (port, software) different users use. For example FTP as being "cleartext"protocoll in where sniffing username and passwords are really easy, you dont have to worry about that. Or accessing Intranet sites to view classified data.I personally like hardware firewalls to do the job, but in Windows Server IPSec is quite good too.Hmm..If for some reason VPN is not an option to choose, i propably would use SFTP in Windows 2008 for transfering files. Though idea about exposing fileserver to public is really bad.So, VPN is good :)Henry Eklf :: Just one random IT-guy more.

I understood...I'm worried aboutthis: teachers don'ttake care of their passwords!Afterconnection a tunnel is opening... sosupposehe/she isnot a teacher, is ahacker or even anstudent.. hecan do ping, sniff and probably transmit virus, in fact they are inside my net and theycan do many bad things. Theacher are administrator of all machines because they need to install softwares so they are able to map c$ of machines.Is therea good SFTP free?Many thanks,

Yeah, i'm having same kind of problem in my own environment, right now.Too many people having too much power with their machines. Switching away from VPN is just avoiding the real problem.Some things can be made, though.1. First thing is to make a good Security Policy. What it is that these people are allowed to do and what not. Understanding what it means to have administrator-level permissions. People should make clear that they do NOT surf bad-sites (hah, some other word was replaced automatically) with their workcomputes and avoid suspicious emails :)2. Anti-virus software to workstations and personal firewalls.3. Making sure that Security patches are regularly installed.With these, you have pretty much safer ground.BUT.People WILL violate rules and just make life miserable. That is the reason why i'm taking some steps to install windows 2008 server and NAP (Network Access Protection) in my environment. Maybe you should check it also.http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspxBut for your question, WinSCP is quite good :)http://winscp.net/eng/index.php Henry Eklf :: Just one random IT-guy more.

Is VPN Secure ??Any data packets that move across a publicly shared network like the Internet are potentially vulnerable to tampering, no one can give a guarantee that they cannot be hacked. Security is the major issue in IT theses days which changes on the daily basis.But, what is safe enough? VPNs that employ multiple security systems, like additional hardware devices, software patches and security standards, can be considered secure. In most cases, security vulnerabilities will be introduced by the users, rather than the system.Lets consider thisAn end user gets a call from from a XYZ hacker bearing an identity of the help desk of your corporate network and asking a password from the end user ???Then what ?? Usually end users doesn't bothers to take the identity of the help desk support engineers. A single word on a phone """ calling form help desk is enough "" to handover there passwords.So end users does plays an important role in security breaches. Please give a sufficient training and notes to all the end users to are supposed to use vpn access from the public places and also assure that SSL certificates are used over the vpn access.You can use Microsoft Windows 2008 Server for SSTP VPN and FTPS for file access which is now a built in feature in IIS 7.SSL FTP also known as FTPS, not to be confused with SFTP. You can choose if you want to encrypt just the control/authentication channel or both it and the data channel! You might not want to encrypt the data channel for uploads so you can do AV scanning, but still login with credentials securely via SSL. Here is a well explained article on SSTP VPN on Windows 2008 http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part1.htmlfor FTPS please check this http://blogs.technet.com/extreme/archive/2007/05/23/ftps-in-iis7-is-sweeter.aspxThanks and Hope it helps Syed Khairuddin

Thanks for all your help.I've tested winscp and it is areally good client, in fact I'd like an SFTP server but as everybody told me just in Windows Server 2008 I will find allsolutions... I'm using Windows 2003 server yet! That's the problem.Thanks,