Computer Help Please....

[H-man]

Tech talk JONG!

Now that that is over, my boss has asked me about getting his company e-mail on a laptop at his camp in northern ME. I am by default the dumb shit in the office that gets all of the computer questions even though I don't know anything about hardware, networks, yada yada yada (Seinfeld reference.)

Spoke with an IT company we use occasionally and they said that they could "configure the laptop for VPN remote access to your network, as well as making sure that this user has all the permissions needed. We will also check the configuration of the firewall. Your probably looking at 2-4 hours of technician time." Greek to me.

A couple of questions if I may:

My boss is not very skilled at all with computers, as well as has limited patience for them. With the above proposed idea, will it be easy to use?

We will have to buy him a laptop to do this also. Is there any special hardware or software that must be included in the laptop to make this option work?

Anyone know of another option that may work?

Anyone care to guess at the costs of this mess?

What else don't I know that you smart people can tell me that will make me look like one of you smart people in front of my boss?

I'm sure that I have probably not given you enough information to help me with this so feel free to ask more questions of me.

Thanks for the help Maggots!

[snow_slider]

It shouldn't bee too hard to do. If you company has a VPN already set up, your boss will need a laptop with a VPN dialer (cisco makes a great one).

He'll just plug into a phone jack, boot up, run the dialer, enter his login name and password and poof! He'll be inside your company's firewall.

Yur tech monkeys will need to configure the VPN client for your boss or tell you what settings to use. You'll most likely need stuff like:
-DNS (Domain Name Server) name
-VPN (Virtual Private Network) number
-login
-password
-protocol (TCP/IP, IPX/SPX, NetBEUI)
-WINS server info

I'm probably forgetting some stuff too, like if you use a proxy server when at the office, you might have to disable it when dialing in remotely.

[anti-jinx]

here is a easier solution, situation depending. If you boss is looking at important stuff and needs SUPER privacy on his email, VPN is the way to go. Then you are going to need all of the stuff that snowslider said, generally a pretty technical issue.

IF NOT and he is just looking for a simple solution to get his email while at his cabin. You can easily configure his email program for the same account that he uses in his office by copying the Properties of that email account to the Labtop. ie. Incoming (POP3) and Outgoing (SMTP) servers, as well as email account and passoword. Technically simply, but no security.

[H-man]

here is a easier solution, situation depending. If you boss is looking at important stuff and needs SUPER privacy on his email, VPN is the way to go. Then you are going to need all of the stuff that snowslider said, generally a pretty technical issue.

IF NOT and he is just looking for a simple solution to get his email while at his cabin. You can easily configure his email program for the same account that he uses in his office by copying the Properties of that email account to the Labtop. ie. Incoming (POP3) and Outgoing (SMTP) servers, as well as email account and passoword. Technically simply, but no security.

Interesting idea. If we went this way, would he have a problem getting into the account through our office security, ie firewall ect.?

[Snow Dog]

My first question is "how is your boss going to access your server?" If he is dialling directly to your server then you don't need VPN; it's just a simple dialup configuration. If he is connecting to a local ISP and using the Internet to get to your server then yes, you need VPN. And an ISP account that supports VPN. 2-4 hours to set up, test, and train your boss isn't unreasonable.

[anti-jinx]

Interesting idea. If we went this way, would he have a problem getting into the account through our office security, ie firewall ect.?

I am not THAT technically skilled, but depending on the server and mail security, you could test this idea out in the office by configuing his labtop, dialing in to local ISP and seeing if it works. This would take a woping 10 minutes versus what Snow dog is talking about, going the formal route. I am able to perform this trick anywhere with my email, I am guessing the IT guys consider the password a security measure, have never called me out on it. If your server allows it, dialing directly to it is the easiest/best way to do it.

[EPSkis]

Leave it to me to dumb this conversation down.

I think we're getting WAAAAY too technical here.

What SnowDog said = I doubt you even have a need for a VPN.
If you have someone managing your firewall, then all your boss needs is either a high-speed internet connection and/or a wireless connection.

Since there's likely a firewall, all he needs is an address to connect to (your network) and a username/password.

Done.

Note: If it takes your IT monkeys 2-4 hours to complete this task, find another IT company.

[Snow Dog]

Leave it to me to dumb this conversation down.

Since there's likely a firewall, all he needs is an address to connect to (your network) and a username/password.

Done.

And minutes later your server will be hacked. The problem is e-mail is from a simpler time and is completely unsecure. Usernames, passwords, and the e-mail itself can be read by anyone monitoring the connection (and they are).

[EPSkis]

And minutes later your server will be hacked. The problem is e-mail is from a simpler time and is completely unsecure. Usernames, passwords, and the e-mail itself can be read by anyone monitoring the connection (and they are).

Again, I'm assuming there's someone managing their company network. Typically, this would mean a firewall (with redundancy) and active scanning.
That's a bare minimum for today's networks.

Remember that protection (& encryption) is in place on BOTH sides of your connection. Your ISP as well as your internal network.

(And even when using LookOut (get it?), you can configure security within the program to disable macros, etc. Even if his Boss knows NOTHING about email or security, you can set up his laptop so he doesn't do anything stupid.)

Assuming that equipment is already in place, his Boss wouldn't need much to connect remotely......which was what I was getting at...

Regarding email - any IT organization worth the rent they're paying already has aggressive email scanning. They're configurable, so attachments can either be outright BLOCKED, or at least scanned. For example, I have .zip & .exe files blocked by my server. Even though the user can't download them, I capture it on my server & scan it. I'm not letting these monkeys do anything I don't want them to do. It's controlled by the system (us), not the user.

Yes, content & usernames are logged by the server - and they SHOULD be, especially in a work environment. Passwords are encrypted, so I wouldn't worry much about that.

[365wp]

I would hope that if the organization allows external access to e-mail, SSL is the transport. Otherwise, anybody else on the ISP can download ethereal and read every message going over the wire...

[EPSkis]

I would hope that if the organization allows external access to e-mail, SSL is the transport. Otherwise, anybody else on the ISP can download ethereal and read every message going over the wire...

SSL is (more) redundant verification.
There are SO many layers of protection that can be enabled at the server level.
Example: Allowing only static IP's identified by the server & STILL requiring authentication.

I'm running a plain' ol POP3 server, and don't use SSL. I have over 5200 users on my system, and activity on my servers rarely drops below 1500 at any given time.
I don't *need* SSL because I have security layered elsewhere. Enabling SSL also causes security issues with allowing users to access & view web pages. I don't want to sacrifice the ability of my users to view web pages because of concerns about email. I've configured it so I don't need it. It's actually quite simple.

Ethereal works the same as any "remote desktop" / analyzer application. It simply captures the information & puts it into an easy-to-read format. As I stated in my previous post, the information you send is logged. Yes, your email is logged - yes, the content of your email is logged. NO, there aren't programs that allow an Admin to view encrypted information.

And NO - You can't run that program on the same ISP & view ANY message "going over the wire". It just doesn't work that way.

edit for clarification: My END USERS don't use SSL - I do, however - run it at the servers. Nobody requires it on their LookOut or Open WebMail setups. Also - regarding Ethereal: You still need SysAdmin access to INSTALL and EXECUTE the logging. You can't just download it & gain access to any info going across your network.

[Mcwop]

What email system does your company use? Outlook/Exchange has options where you can access email through any web browser.