Is VPN Secure?

Im setting up a VPN at my work (small company makes fuel cell UPS'es) when they get the broadband in. The server uses win 2k pro or win xp pro (cant remember yet - just investigation)

If i follow the instructions to the letter at
http://www.wown.com/j_helmig/xpvpnsrv.htm
and
http://www.wown.com/j_helmig/xpvpnclt.htm
and
http://www.wown.com/j_helmig/xpvpncon.htm

will only the uses that i allow to log on be able to access files? How easilly can the logon security be overcome?

Its a small company and as such wouldnt afford a full pro setup.

Im vaulenteering a weekend to re-do the network and have all the computers run from hydrogen.
_____________________________
Could this be done over FTP? Where the files/folders are "shared" over that.?
_____________________________

The system thats there at the moment doesnt use logons etc. Its basically LAN file sharing so everyone can get everything. All i want to do is have it so that files can be used from peoples houses and remote sites.

The usual anti-virus things are installed, eg Notron etc.

Many thanks,
Stuart.

 

I have no idea what you are asking above.
The scenario just sounds wierd to me. You want people to be able to access the "server" file shares from thier home PCs via normal \\server\share logistics?

 

Most VPNs are good at encryption and will prevent people snooping on traffic as it passes. The main weekness of some VPNs is authentication. In other words how easy it is for someone to open up a new tunnel to your system and for you to be sure of who they are. If you don't use passwords or use weak ones you are making it very easy for someone to pretend to be one of your employees and log in via the VPN.

Authentication is the main factor that makes IPSec better than PPTP. PPTP authentication developed from CHAP and tend to be weaker than IPSec authentication systems (that use sophiticated key exchanges). I'd recommend using a hardware firewall hosted IPSec VPN solution. Enforce secure passwords (Use upper case, lower case AND numbers - even better put in a couple of exclamation marks). Be aware that firewalls or routers that are labelled as "VPN Enabled" may not actually host a VPN server. Instead they will allow VPN to pass through them to an internal VPN host. "VPN Enabled" does not necessarily mean that the firewall/router will host the VPN service. In the UK a firewall/router that will host IPSec VPN tunnels will tend to cost around £150 and upward. Those around half that price tend to be the pass through type. Somethink like a small Cisco PIX unit would be a good bet.

Another thing to consider with VPN is that users will have a greatly reduced bandwidth. If the system is running of ADSL the speed will be determined by the minimum of the two speeds (upload speed) and can typically be 256k (400 times slower that a LAN fast ethernet connection). So you need to educate users so that they are prepared for that. Users who think they will get a LAN speed service at home will be greatly disappointed. Also think about what services you run over the VPN. Remote access to an Intranet web service is great. Working on large files can be very slow and tedious. In other words, VPN is great for passing information around. It is less good for passing files. So tailor the services you provide over VPN to suit the slow connection.

Take those basic steps and VPN will work for you and provide an excellent service.