VPN WAN

[Neil Ratzlaff]

A high mucky-muck of my company wants to set up an NT domain with machines
scattered around the USA.  (Why is a little unclear to me, but he wants
it.....)  When this was proposed last year I screamed and they gave up, for
a while.  Now I want advice on whether putting a Cisco VPN router at each
office would be considered to offer enough security.  This is not for a lot
of traffic or for really important stuff.  They mostly claim to want to
share files and printers - even though no one can explain to me why someone
in Denver should want to print to a printer in Boston.  I doubt there are
firewalls or other network security at any of the sites.

I pointed out that the security risk is additive (actually x to the nth
power, but keep it simple) since compromise of one machine gives access to
all the others, and anyone who has access to any machine behind the router
probably can access all the NT machines in the domain.  This is acceptible
to them, since they already have NT domains scattered through a couple of
buildings (all behind the same firewall, though).

Is this considered safe?
Any suggestions for making this a safer project?
Any reasons or examples that indicate why this is a bad idea?

Thanks,
hermit1

VPN is sponsored by SecurityFocus.COM