RE: Remote Desktop vs VPN on Windows 2003

From: Paris E. Stone (pstone_at_alhurra.com)
Date: 01/18/05

  • Next message: Daniel Marques: "Re: Building a Company Computer Use/Security Policy"
    Date: Tue, 18 Jan 2005 10:40:07 -0500
    To: "Roger A. Grimes" <roger@banneretcs.com>, "Jeff Randall" <Jeff.Randall@ksg-llc.net>, <security-basics@securityfocus.com>
    
    

    "Security through Obscurity" i.e. put it on a different port, is not
    security at all.

    Rdesktop on the internet, is generally a bad idea, no matter what port
    it runs on.

    Put a firewall in front of it if possible, if not, run a software
    firewall and then add openvpn.

    www.openvpn.net is free, and will allow IPSEC connectivity that you can
    use to access the machine, then you get MSTSC(remote desktop) access
    over the tunnel.

    -----Original Message-----
    From: Roger A. Grimes [mailto:roger@banneretcs.com]
    Sent: Friday, January 14, 2005 5:16 PM
    To: Jeff Randall; security-basics@securityfocus.com
    Subject: RE: Remote Desktop vs VPN on Windows 2003

    I can think of NO reason not to use Remote Desktop. Remote Desktop is
    fast and secure. Everything is encrypted past the logon name. To get
    additional security assurance, change the default TCP port from 3389 to
    something randomly high...like 58645 (which you can do with a regedit on
    the server...just google it). Then add the new port number to your
    server address...like www.example.com:58645.

    Roger

    ************************************************************************
    ***
    *Roger A. Grimes, Banneret Computer Security, Computer Security
    Consultant
    *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
    *email: roger@banneretcs.com
    *cell: 757-615-3355
    *Author of Malicious Mobile Code: Virus Protection for Windows by
    O'Reilly
    *http://www.oreilly.com/catalog/malmobcode
    *Author of Honeypots for Windows (Apress)
    *http://www.apress.com/book/bookDisplay.html?bID=281
    ************************************************************************
    ****

    -----Original Message-----
    From: Jeff Randall [mailto:Jeff.Randall@ksg-llc.net]
    Sent: Thursday, January 13, 2005 3:23 PM
    To: security-basics@securityfocus.com
    Subject: Remote Desktop vs VPN on Windows 2003

    I have setup a web server running win2k3 and was curious about remotely
    accessing it with an XP box. Only one requirement, it has to be FREE.
    =20

    Here is what I have setup and as of now working but I would like in the
    end to only run one.

    1. RRAS using PPTP. It's not a DC so I use local accounts.
    2. VNC. TiteVNC to be specific.
    3. Remote Desktop - went into the admin tools and set the
    encryption level to high.

    Please no crazy setups like upgrade to DC and run IAS for Radius or
    running IPSEC tunnels, just would like peoples thoughts on the security
    level of each of these programs and what they feel are the most secure.
    If you can get specific about encryption, keys, key lengths, that would
    be great. Thanks


  • Next message: Daniel Marques: "Re: Building a Company Computer Use/Security Policy"

    Relevant Pages