Re: Remote desktop over vpn
- From: "Somebody." <somebody.@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 11:57:21 -0500
"Jeff B" <jbeardNo-Spam1185@xxxxxxxxxxxx> wrote in message
news:Q7adnTBdjf_i3gLenZ2dnUVZ_tydnZ2d@xxxxxxxxxxxxxxx
> >Yes, but in most cases people posting to this group don't have their
> >firewall setup to restrict at the port/service level. I suspect that VNC
> >would work just fine.
> >
> >90% of people, when configuring a VPN, configure it wide open, all ports
> >and protocols.
>
> Can you define ASSUME? Murphy will bite the user and the enterprise that
> is silly enoungh to do either!
>
> Even Joe XP/Home edition users are implementing deny all/all, so lot's of
> luck.
>
> --
> ---
> Jeff B (remove the No-Spam to reply)
Jeff, how many corporate VPN's have you had experience with?
The suggestion that 90% of people configure a VPN wide open is, in my
*experience* approximately correct. Perhaps 10 to 20 percent high, but no
more.
One of the first things we typically address when consulted.
The reason is that they use the tunnel to run a workstation from remote as
if it were on the LAN. Have you ever tried to enumerate all the ports and
protocols required for a typical corporate workstation to do a domain log
in, run exchange, read file shares, print, hit a few client/server
applications, and allow the centrally managed coprorate update/virus/support
tools? Once you open that much stuff up, you may as well open up the rest
because your behind is hanging out so far anyway on so many interesting
services...
-Russ.
.
- Follow-Ups:
- Re: Remote desktop over vpn
- From: Volker Birk
- Re: Remote desktop over vpn
- References:
- Re: Remote desktop over vpn
- From: Jeff B
- Re: Remote desktop over vpn
- Prev by Date: Re: WinXP SP2 firewall
- Next by Date: Re: Remote desktop over vpn
- Previous by thread: Re: Remote desktop over vpn
- Next by thread: Re: Remote desktop over vpn
- Index(es):
Relevant Pages
|
