RE: terminal server security vs vpn

We went through this at our government agency and the remote desktop client is 128bit encrypted. We found it on Microsoft's website, terminal server seemed to be the most logical solution with the least administrative overhead.

Thanks,
 
Brent Kern
IT Network Management Specialist

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Chris Barber
Sent: Monday, August 13, 2007 2:18 PM
To: Juan B
Cc: security basics
Subject: Re: terminal server security vs vpn

Juan,
If you use SSL-VPN you will not need a client, or at worst you will
not be required to install a client before you can make the
connection. The only thing needed from that standpoint is a browser.
This makes VPN more "Web Like" and easier on the user, without
compromising your security. i would contact one of the loacl
resellers in your area and ask for a demo

Cisco, Juniper, Aventail and Checkpoint all have SSL-VPN solutions
that are quite nice. I prefer the Juniper myself.


Hope this helps
Chris.

On 8/13/07, Juan B <juanbabi@xxxxxxxxx> wrote:
Hi,

I am looking for a solution to my users so they can
log in from home and work connect to there office
pc's, of course I will use terminlal server.

My question is, why to use double encryption, why use
vpn client to connect to the corporate FW and then to
connect throw it with a ts session, AFAIK Ts is
encrypted as well and one can set the encryption to
high which is the same as VPN right?

I want to nake the connection simple to the user and
securure. do I need also a vpn client, I guess not, am
I missing something here?

I will also change the port to increase security.

Thanks a lot,

Juan



____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/



The contents of this electronic message, including attachments, are
transmitted by the Oklahoma State and Education Employees Group Insurance Board,
an Oklahoma government agency according to the Uniform Electronic Transactions Act,
12A O.S. 15-101 et seq. This message is intended for use by the named addressee
only and may contain information that is confidential or private according to state
or federal laws. If you have received this electronic message in error, please notify
the sender by a reply to sender only message, delete it completely from your computer
and maintain confidentiality of the message. Any unauthorized disclosure, distribution, or
use of the contents of this message is prohibited and subjects the user to penalty of law.


Relevant Pages

  • Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted
    ... The Cisco PSIRT is aware of reports that claim the Cisco VPN Client ... > a deterministic encryption sheme and thus must be ...
    (Bugtraq)
  • Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted
    ... The Cisco PSIRT is aware of reports that claim the Cisco VPN Client ... > a deterministic encryption sheme and thus must be ...
    (Full-Disclosure)
  • Re: PCanywhere and ISA 2000
    ... - The RWW is only a special implementation of the Advanced TS client. ... A VPN typically will be only ... If 128-bit encryption using an algorithm ...
    (microsoft.public.windows.server.sbs)
  • Re: Is TS Secure?
    ... Claudio's response is correct and the terminal server traffic is encrypted ... a VPN puts the remote computer on the company subnet and ... > If your company requires additional encryption or they are paranoid, ... > VPN to the picture. ...
    (microsoft.public.windows.terminal_services)
  • Re: remote desktop question
    ... "The encryption for the TSAC depends on the server ... client is available in all languages. ... if you're interested in either the VPN or OpenSSH you can go to: ...
    (Security-Basics)