I see a busy weekend coming up :-) Not that I'm complaining - I'm up for the challenge.... Now that I have VPN back into my home network fully functioning with both PPTP and L2TP (PPTP is configured but disabled), it's time to implement some quarantining. There were a few reasons for setting up VPN besides the "because I can", although that seemed more than good enough a reason to me, even if "her who must be obeyed" didn't (and still doesn't) get it :-)
One of my sons is going to university soon. Hence, part of my home implementation of Active Directory includes folder redirection so that he can roam on his laptop offline and still get to his documents. He can fire up Outlook to get his email via RPC/HTTP or Outlook Web Access, and optionally connect through VPN back here to synchronise his documents to my central servers to ensure everything's backed up daily. I've also turned on shadow copies so that he can get back to previous versions of his documents up to 2 weeks previous without needing to do a restore.
However, universities being universities, as much as I'd like to think that his machine is reasonably well locked down, anti-virused and patched, could I trust his machine to come straight back here through VPN? Nope. Not a chance. For similar reasons, any "friends or family" machines which turn up here to be fixed (I seem to get lots of these) don't get a chance to be attached to my home network - I just don't trust them, however well managed they are. Call me paranoid, but isn't that part of the job for an IT Professional?
Hence, my weekend job (kids and wife pressures excepted) is to look into implementing VPN quarantine - at a minimum checking that AV is up to date, that the firewall is on, running the malicious software removal tool (now that's useful and timely that I found the link yesterday), checking for the latest security patches and checking to see what additional software has recently been installed.
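As an added illustration (my own sketch, not code from the whitepaper or the Remote Access Quarantine Tool), here is what the client-side posture check described above could look like. It uses modern Windows PowerShell cmdlets as stand-ins for the checks listed (Defender status, firewall profiles, installed hotfixes, recently installed software); the thresholds (7 days for signatures, 30 days for patches and new software) and the hand-off to a quarantine client are my assumptions, not anything the post specifies.

```powershell
# Assumed: runs on the VPN client after the tunnel comes up and returns
# an object the quarantine policy can act on. Thresholds are illustrative.
function Test-QuarantinePosture {
    param(
        [int]$MaxSignatureAgeDays = 7,    # assumed policy value
        [int]$MaxPatchAgeDays     = 30,   # assumed policy value
        [int]$NewSoftwareWindowDays = 30  # assumed reporting window
    )
    $now = Get-Date
    $failures = @()

    # 1. Anti-virus up to date (Windows Defender cmdlet, not available on XP-era clients)
    $av = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $av) {
        $failures += 'AV status unavailable'
    } elseif (-not $av.RealTimeProtectionEnabled) {
        $failures += 'Real-time protection disabled'
    } elseif (($now - $av.AntivirusSignatureLastUpdated).TotalDays -gt $MaxSignatureAgeDays) {
        $failures += "AV signatures older than $MaxSignatureAgeDays days"
    }

    # 2. Firewall enabled on every profile
    $off = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
    if ($off) { $failures += "Firewall off for profile(s): $($off.Name -join ', ')" }

    # 3. Security patches: newest installed hotfix must be recent enough
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest -or ($now - $latest.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
        $failures += "No hotfix installed in the last $MaxPatchAgeDays days"
    }

    # 4. Recently installed software (reported, not failed: a human reviews it)
    $uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $recent = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' } |
        Where-Object { ($now - [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)).TotalDays -le $NewSoftwareWindowDays } |
        Select-Object -ExpandProperty DisplayName

    [pscustomobject]@{
        Compliant       = ($failures.Count -eq 0)
        Failures        = $failures
        RecentSoftware  = @($recent)
        CheckedAt       = $now
    }
}

$result = Test-QuarantinePosture
if ($result.Compliant) {
    # Assumed hand-off: the real quarantine client (rqc.exe from the Remote Access
    # Quarantine Tool) is what tells the server to lift the quarantine filters;
    # its exact arguments come from the tool's documentation, not this sketch.
    Write-Output 'Posture OK - notify quarantine service'
} else {
    Write-Output ('Remaining in quarantine: ' + ($result.Failures -join '; '))
}
$result.RecentSoftware | ForEach-Object { Write-Output "Recently installed: $_" }
```

The point of returning an object rather than just printing is that the same function can feed a log on the server side, so you have a record of why a given laptop was held in quarantine on a given day.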
Handy therefore that I spotted this on microsoft.com: the Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide whitepaper. You can either view it online or download it. However, as I have an ISA Server, this link is a bit more useful, and I'm going to need the Remote Access Quarantine Tool for ISA Server 2004.
So, just a simple configuration running at home. Crikey. I'll report back progress....
My colleague John Howard is implementing VPN Quarantine at home this weekend! I read his blog entry and...