Securing a Windows lab environment.

scottalanmiller

@Bill-Kindle said:

True. Which is one thing I've asked Pertino in the past if they were coming up with a way to prevent that and only allow the client to access a particular set of machines through the use of ACL's. Last I checked that wasn't possible yet.

Definitely not something on their short term roadmap. It's a VPN solution, not meant for how you are using it. They have a lot of stuff, like enterprise class VLANs, to address for core customers long before they look at something like that. Considering it is designed to be a LAN, that goes against a lot of their core design.

Bill Kindle

@scottalanmiller said:

@Bill-Kindle said:

True. Which is one thing I've asked Pertino in the past if they were coming up with a way to prevent that and only allow the client to access a particular set of machines through the use of ACL's. Last I checked that wasn't possible yet.

Definitely not something on their short term roadmap. It's a VPN solution, not meant for how you are using it. They have a lot of stuff, like enterprise class VLANs, to address for core customers long before they look at something like that. Considering it is designed to be a LAN, that goes against a lot of their core design.

Still, for what I'm using it for at the moment it works.

scottalanmiller

@Bill-Kindle said:

Still, for what I'm using it for at the moment it works.

Yes, but as a single user it's very different than how the OP is looking to use it.

Carnival Boy

@scottalanmiller said:

@Carnival-Boy said:

Cheers. So in what way are the end users exposed to each other? What could an attack on one to another look like?

The exposure is the same as being on the same LAN because, effectively, they are.

So fundamentally Pertino works the same as Hamachi? There is nothing particularly insecure about Hamachi compared with other VPNs? I ask because a couple of times now people have told me on Spiceworks I shouldn't use Hamachi for security reasons without explaining why they think that.

scottalanmiller

@Carnival-Boy said:

So fundamentally Pertino works the same as Hamachi? There is nothing particularly insecure about Hamachi compared with other VPNs? I ask because a couple of times now people have told me on Spiceworks I shouldn't use Hamachi for security reasons without explaining why they think that.

Pertino is a modern Hamachi, yes. Hamachi hasn't been developed in many years, maybe close to a decade. Pertino is a far more powerful, currently developed direct Hamachi competitor. Pertino only has one model because they have extra tooling that sits in the hubs that you don't see (you don't host your own hubs like Hamachi) that provide monitoring, information, security, features, etc.

Any VPN is insecure if you don't control the end points. It's the same as letting random people walk into your office and attach to your switches. It's not that they are less secure than other VPNs, no idea why people would say that. It's just that VPNs themselves expose end users to the LAN, the LAN to end users and the end users to each other. Even VPNs that don't appear to do that, do that in the end.

But if you would allow the end points in question to directly attach to your LAN, then the VPN is no less secure than that.

This particular thread, though, is about allowing arbitrary outsiders to access a lab. Using a VPN to do that means that arbitrary outsiders, not employees on company equipment, are being exposed to each other and to the OP via the VPN. That's where the insecurity is. It's like having a lab that allows people to bring their own equipment and plug into the switch.

Carnival Boy

Yeah, sorry, didn't mean to hijack the thread. As you were....

IRJ

Sorry for abandoning this thread. My fiance is having some complications with her pregnancy and its been keeping us busy. She is doing much better today, though.

Bill Kindle

@IRJ said:

Sorry for abandoning this thread. My fiance is having some complications with her pregnancy and its been keeping us busy. She is doing much better today, though.

Hope all is well, will keep you in my thoughts and prayers.

scottalanmiller

@IRJ said:

Sorry for abandoning this thread. My fiance is having some complications with her pregnancy and its been keeping us busy. She is doing much better today, though.

OH gosh, I hope that everything is okay. That is always so scary.

JaredBusch

@IRJ said:

Sorry for abandoning this thread. My fiance is having some complications with her pregnancy and its been keeping us busy. She is doing much better today, though.

Completely understandable! We only had to deal with fairly typical morning sickness for both of my wife's pregnancies. I count myself so lucky on that front. I have known many people with varying issues.