RE: Remote Desktop, DMZ



Edmund,

Before placing the system in the DMZ, read about the DNS vulnerability
MS recently issued.

Microsoft Security Advisory (935964)
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code
Execution.


http://www.microsoft.com/technet/security/advisory/935964.mspx

-Shariff

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Edmund
Sent: Tuesday, April 24, 2007 7:16 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Remote Desktop, DMZ

Dear All,

A Remote-Desktop system should be placed within the DMZ,
am I correct?

If that is the case, what if the Remote Desktop
system requires access to an application server; but,
this application server cannot be placed in the DMZ
because LAN users also need access to it?

I've been mulling it over and haven't quite
figured out how or where to put this remote desktop system.
In the DMZ, it will have a hard time being
part of the domain(is this actually necessary?)
or even access an application server (which
is also part of the domain). If I put
the Remote desktop system in the internal LAN,
the risks are not particularly appealing should
the RD system get compromised.

Can someone out there give me some hints/pointers
as to how I might go about in putting a remote
desktop system in an existing network setting?

Thanks

Ed



Relevant Pages

  • Remote Desktop, DMZ
    ... A Remote-Desktop system should be placed within the DMZ, ... what if the Remote Desktop ... this application server cannot be placed in the DMZ ... because LAN users also need access to it? ...
    (Security-Basics)
  • Remote Desktop to Computers within Network?
    ... :) I remote desktopped in to my "server" at home, ... my router with the DMZ and port opening. ... as it likely doesn't have remote desktop turned on. ...
    (microsoft.public.windowsxp.work_remotely)
  • redirect
    ... I am trying to redirect an internal IP address to an address in my DMZ so I can run Remote desktop to a server that is only on a DMZ. ...
    (microsoft.public.isa)
  • RE: fedora-list Digest, Vol 6, Issue 266
    ... Re: OT: Setting up a forwarding mail domain in DMZ without ... Re: Sound Problem ... downloaded the yum.conf for fedora from Redhat's website. ... Server: Fedora.us Extras ...
    (Fedora)
  • RE: Webserver on a DMZ still needed?
    ... Certainly your suggestion to have a email server in a DMZ but still have ... having the exchange server on the internal LAN with only the smtp ports ... Talking of the financial cost of setup by the book vs the security cost ...
    (Security-Basics)