Re: remote desktop question

From: jordanpw (jordanpw_at_gmail.com)
Date: 11/02/05

    Date: Wed, 02 Nov 2005 14:19:39 -0600
    To: Richard Parry <richard@generic-edesign.co.uk>
    
    

    Richard Parry wrote:

    >Edmund,
    >
    >Since you already have a firewall system in place, I would suggest
    >looking into the VPN capabilities of that firewall, closing the RDP port
    >you have opened and only allow authenticated VPN users who have logged
    >into the network access to the RDP sessions. RDP sessions are encrypted
    >with 128bit anyway, but at least with protecting the login to
    >authenticated VPN users you won't need to worry about external
    >break-ins.
    >
    >Hope this helps. Richard
    >
    >-----Original Message-----
    >From: cc [mailto:cc@belfordhk.com]
    >Sent: 21 October 2005 7:28 AM
    >To: security-basics@securityfocus.com
    >Subject: remote desktop question
    >
    >
    >Dear All,
    >
    >The company I work with recently required a remote desktop access and to
    >keep the budget down, I used an XP Pro system to receive only one Remote
    >Desktop user.
    >
    >Since this requires the opening up of a port on the firewall, I'm quite
    >concerned. I have limited the system to only one or two users who can
    >log on. Since this is my initial foray into the remote desktop client
    >(in the past, we used PCAnywhere, but it's getting more and more
    >expensive (hard to justify purchasing a license for each system)).
    >
    >In what ways can I protect the remote desktop system from
    >being broken into? (Well, aside from shutting it down.)
    >
    >Any pointers appreciated.
    >
    >Edmund
    >
    I see this advice often on this list. I work with very small businesses
    (200 users and below) where the number of servers / firewalls / routers,
    and budgets for same, are very small. So I have some (very basic, I'm
    afraid) questions on this subject:
    -- Is there not a slowness / performance hit when forcing users to
    access a Terminal Server via a VPN connection?
    -- This will require VPN client software on all client machines, right?
    Or is the in-built MS VPN connection stuff considered acceptably secure
    in this scenario?
    -- Or should we look at SSL VPN for this?

    Thanks in advance for any feedback ...

