We have a partially managed IT company at the school i work at. They have put in a place a VPN which goes through the county councils network.
Im not too sure what kind of security has been put in place, ideally i was thinking NAP should be used to decline connections to any clients who dont have up to date anti virus and windows updates etc but this doesnt appear to be in place. Before i email them asking what is in place and what we would like could someone please advise what should be in place in your opinion or what youer school has in place.
Id just like to have some clear ideas for when i speak to them about it to be able to know what it is we want.
I dont know too much about it but its running off server 2003 and is cisco software client we are using. And i recall something by the name of Cisco ASA being involved but no idea about that just repeating what i think i heard when it was being setup.
NAP would be done on the internal domain, and shouldn't have any impact on the VPN setup per se, but would require some changes to your domain setup.
Also you'd do better to be using 2k8 servers to use the built in NAP capabilites.
The Cisco ASA is a router with built in firewalling so I imagine tunnelling to the county network - do you know if there's an ISA server at your site?
I know a bit about NAP but its on 2008 that i know, i wasnt sure if NAP was even on 2003. For the time being we will be sticking with 2003, thats one thing im sure of.
And yeah we have an ISA on site. I just wondered what a usual setup for a VPN on server2003 was, like what was put in place for security so i can then go and find out how close to this our setup is as i have little faith in the company who set this up so want to be sure everything is secure before we start letting staff loose using it from home.
Well is it the ISA providing client vpn's?
If so do you know what security/encryption method they're using.
NAP isn't a be all and end all - I'd suspect most people aren't using it and are relying on vpn encryption.