Re: RDP & IP security help
- From: "Anthony [MVP]" <anthony@xxxxxxxxxxxx>
- Date: Fri, 24 Oct 2008 12:44:02 +0100
Here's a TechNet tutorial for VPN on ISA: http://technet.microsoft.com/en-us/magazine/cc137756.aspx
That should be enough to set it up. As regards VPNs generally, the main issues are:
- Strong authentication: how do you know it is really them, and not just someone who has obtained their password, e.g. from an internet cafe with a keylogger?
- Client administration: how will you configure and administer the clients? How will the user install a client where they are not admins?
- Network protection: how will you protect the network from a dangerous remote computer, e.g. one with a virus? What should you be able to access remotely, and what not?
The more complicated VPN solutions deal with these problems where the simple implementation of PPTP->ISA does not.
Hope that helps,
Anthony
http://www.airdesk.com
"silver1386" <silver1386@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:51E18AB9-DFC8-4EB1-86DF-4C4D75009F82@xxxxxxxxxxxxxxxx
Thanks Anthony. I've been looking into it a bit more today. They just dumped
a lot of money into a new ISA server so yeah they will want to use that and
get away from the RDP. Do you know where I can get started looking for info
on this? Thanks for the info on the NAT, I can do that. I guess I didn't
understand what they were looking for.
"Anthony [MVP]" wrote:
Hi Silver,
You need something to provide secure remote access. Any number of ways to do
that. Maybe your firewall can already do it.
- Microsoft = RRAS on a server, or ISA server
- Cisco = ASA
- Citrix = Secure Gateway
and many many more.
Changing the addresses in the DMZ just means using NAT on the firewall to
translate between public and private addresses.
Hope that helps,
Anthony
http://www.airdesk.com
"silver1386" <silver1386@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:608E18E1-F196-4E9D-B5EA-7CF7C1B77AD3@xxxxxxxxxxxxxxxx
> If I am in the wrong forum could someone please redirect me. I am also
> looking for more forums and pages to learn from.
>
> I just got a job as a network admin in a mid size company (350 users). To be
> honest some of this is over my head, but that's a great way to learn. They
> currently run 8 servers (web, print & file, AD, ISA, mail, exchange, sql,
> rds), all on Windows Server 2003 (one of my future projects is upgrading to
> 2008).
>
> The company recently had an audit done and they want me to tie some stuff
> up:
>
> Remote Access:
> - Cannot expose RDP to the internet without tunneling
> - Restrict RDP to users who need it.
> - All remote access should be going through a VPN connection
>
> Network Design:
> - If possible remove the external IP address from the DMZ
> - Limit the number of external IP addresses used.
>
> The audit says all the above requires additional hardware. For the time
> being my boss wants a cost estimate for the budget. I don't have a clue what
> is required here. Any suggestions? Let me know if you need more info. Greatly
> appreciated!