VPNs

Soldato
Joined
6 Mar 2008
Posts
10,085
Location
Stoke area
Hi all,

My brother in law has to travel around the country a lot meeting clients and creating web designs for them, once they agree he has to travel back to his office and hand them over to the boss, wastes a load of time as he cant just move on to the next client.

I suggested he just upload the designs to the company server so others can start working on them without him travelling back, they said no due to security. I said posting via recorded delivery, cheaper than petrol, they said no again due to security.

They came back to him today and said if he could get a VPN with a static IP they would allow him to upload, great but neither of us know anything about VPNs. One of his friends at work suggested a https://www.relakks.com/ company.

it's all gobledegook to me :D

For instance, I've read that Win7 can be insecure with VPNs, can it? Also, if he sets it up on his laptop, does he connect via dongle to the VPN then to his works server? what if he goes home, can he just carry on connecting via dongle without using the VPN? Just how secure are they?

Sorry for all the noob questions :D
 
IMHO...

The company should be providing secure remote connectivity for their staff if it's going to save time and money. Telling individual users to "get a VPN" is a bit daft - it needs doing properly so it can be made available to all staff as needed.
 
They won't fork out for anything, the owner is a ex footballer or something who knows very little about web design, just bought it and kept it as it was.

I've tried lots of times to suggest they change things but to no avail.

My bro-in-law would rather pay the £50 a year for a VPN membership through someone else himself than have to spend time travelling back and forth (that he doesn't get paid for) as it would save him lots of time.
 
I'm confused, you say you want him to buy a third party VPN?

If you do that the endpoint will be somewhere random on the internet and it will probably be less secure than connecting and uploading directly. I.e the traffic route would look like:

His box ----[ VPN ]----> Random VPN Company ----- [ Plain Internet ]-->Company Server

Basically a VPN is useless unless it is inside the company, no point if it's just for a static IP to add to their firewall rules!

A direct secure upload over something like SSH/SFTP with public-key certificates for authentication is all that would be required.
 
Last edited:
I'm confused, you say you want him to buy a third party VPN?

No, they want him to buy it, as I said, I wanted him to simply upload it to their servers as it would save him travelling back and forth.

If you do that the endpoint will be somewhere random on the internet and it will probably be less secure than connecting and uploading directly. I.e the traffic route would look like:

His box ----[ VPN ]----> Random VPN Company ----- [ Plain Internet ]-->Company Server

Basically a VPN is useless unless it is inside the company, no point if it's just for a static IP to add to their firewall rules!

A direct secure upload over something like SSH/SFTP with public-key certificates for authentication is all that would be required.

I'll pass that on to him to email to his boss, see what he says!
 
Yeah the setup of going through a VPN provider seems completely pointless IMO, he needs his company to have a VPN server of their own for any kind of security, which they probably have if they're saying it's a requirement?
If they do have one, he'd need the host address to connect to, a username / password and / or a pre-shared key if they're using IPSec for a decently secure VPN, from there you can just put those details into Windows 7 (under Network & Sharing centre, make a new VPN connection) and it should be the properly secure tunnel that they're after.
 
They won't fork out for anything, the owner is a ex footballer or something who knows very little about web design, just bought it and kept it as it was.

I've tried lots of times to suggest they change things but to no avail.

My bro-in-law would rather pay the £50 a year for a VPN membership through someone else himself than have to spend time travelling back and forth (that he doesn't get paid for) as it would save him lots of time.

The owner is nuts then. Is your BIL freelance or something? If not, then the business is paying for his travelling costs and wasted time chugging round the country.

£400 or so spent on a firewall appliance with IPSEC or SSL-VPN functionality will pay for it's self in other cost / time savings pretty quickly.
 
Surely you mean Secure FTP not SFTP?? SFTP is barely a step from TFTP ;-)

What do you think SFTP is? :confused:

Edit--
To the OP, using SSH or SFTP would probably be the cheapest way of doing it in terms of if they have a server already then it could be done with free software.

A cheap VPN concentrator like on of the SonicWall TZ series might be a better way of implementing it though.
 
Last edited:
how big are these files? Could they be emailed? I was just thinking you could attach them as an encrypted zip file or truecrypt container to an email.
 
Back
Top Bottom