From: "Glenn Meadows" 

How does he access the network at work from home or travel now?

Sounds like you're going to need a VPN connection box/software at each end,
that he authenticates through.

We have a small NOKIA box supplied by Qwest, our network access provider,
that also is our firewall, that they manage for us.  It uses the
SecureRemote software for the authentication software, and connection
through to the network.

When I log on at home from my cable modem, as soon as something on my PC
tries to connect to the private IP address block we use (10.1.x.x), the
Secure Remote login box comes up, asking for user name and password.  Enter
same, that's authenticated against the VPN/Firewall, and if it's
authorized, I have access.  This works from anywhere I connect from. 
Dialup, hotels, even at other offices when I guest on their lan.  It sets
up a secure encrypted tunnel into our network, and with the proper entries
in my hosts file (name to IP address for the internal servers), I can use
UNC share names that are in my favorites, and they open just fine.

All of our people who have laptops have the software installed, as well as
login rights.  The secure software gets assigned a local ip address from
the 10.1.1.x pool, and the software knows which pipe to send requests down.

There are several companies that make full software firewall/vpn's as well.
FX software makes one, it was originally an OS/2 based product that I used
to like 5 locations together over cable modems.  They've subsequently moved
into other markets as well, so look into that.

--
Glenn M.


"Richard B."  wrote in message
news:ut34s0tuqr7hbg2ljb93d29vmvi14hmo0q{at}4ax.com...
> I've managed to dodge this headache for a while, but The End Is Near.
>
> The company prez wants a tablet PC and wants pretty much full network
> connectivity from wherever he is as long as there is wired or wireless
> access, i.e., from home, motels, other consultants, etc.
>
> He is NOT a power user, mainly does email and surfs the next as
> needed.  My tech and I have both been to his home and it's the usual
> mess there with spyware and viruses.  Basically I have to assume the
> worst case scenario and defend against it.
>
> I'm thinking of how I can best protect my LAN from him both when he
> connects from outside and when he comes inside, most likely not giving
> us time to thoroughly check his machine before he connects.
>
> Tips?  Resources?  Advice?  Shoot myself now?
>
> - Richard

--- BBBS/NT v4.01 Flag-5