Help with RAS on win nt 4

[InTheClouds]

Ok, here is the situation. The network I am referng to is NT 4. My boss wants me to set up remote access service for a few of our employees. Our budget is really tight and I was wanting to avoid purchasing another computer just for this purpose.

Here is my question: Would it be a bad idea to just put a modem in our Backup Domain Controller and run RAS on it instead of setting up a machine just for that purpose only?

Any input would be helpful and much appreciated.

 

[teknoid]

It would work just fine as described. Keep in mind though that opening a phone line opens your network up to anybody with a modem. Yes... there are a great many security changes that can be made to the system to help keep the bad-guys out but the only way to be CERTAIN that no one enters your network is to not have a modem attached.

We use the W2K Server version of RAS here where I work. I have only certain users allowed to dial in, only certain hours of the day when they're allowed to attach to the network and they get 3 tries to log on before thier account gets locked. Oh Yea... I also have them set up for dial-back to a fixed number. They dial in... log-on... the system hangs up on them and calls them back. All in all I feel like our network is fairly secure.

I still worry though...

 

[InTheClouds]

Thanks for the insight. I will not be able to use the call back feature though because the people dialling in will most likely be calling from various hotel rooms. Are there any strong arguements as to why I should just setup another machine to handle RAS?

 

[teknoid]

Not really... Just think through your security REALLY REALLY well. Especially with reguard to file and directory permissions. As bulletproof as you make it there's almost always another way in.

Take it from someone who wore a black hat for a while....