My company has recently started using Visual Source Safe, which is proving to be a great asset. Now, we are looking...
at ways of utilizing its capabilities remotely. I've read up on a few programs such as SourceOffsite, which does straight TCP linking with 128 bit encryption through SSL. My question is whether this is the most secure method for allowing remote access to source code. It is important to note that I am in the midst of setting up my first ISA server and through my readings know that I will be able to set up VPN access as well as do server publishing. What I'm looking for is the absolute most secure method for allowing my developers to access a VSS server remotely and what potential risks/threats we would be exposing our network to regardless of the most secure solution. I know this is a lot, but if you could shed any light on the topic or point me in a good direction, that would be great.
I've been reviewing this question for a few days now and think the best answer for your question is to provide standard best practices for all applications using a VPN and SSL. The VPN will provide packet protection for encrypting the packet and headers. SSL will further protect the data. The VPN will wrap the data packet and provide point-to-point (user to company) protection, while the SSL will provide end-point to end-point proof of protection.
Your question is rather complex and requires many more questions and answers, but I think the answer above should lead you on the correct path.
Infrastructure and Network Security