Re: RDP & IP security help
- From: "Anthony [MVP]" <anthony@xxxxxxxxxxxx>
- Date: Fri, 24 Oct 2008 15:06:35 +0100
It's a pleasure, happy reading
Anthony
"silver1386" <silver1386@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:568B1293-39C5-4358-9E81-3429599501DD@xxxxxxxxxxxxxxxx
Thanks again Anthony. Those are good security points. Looks like I have
plenty of reading to do this weekend. Have a good weekend!
"Anthony [MVP]" wrote:
Here's a TechNet tutorial for VPN on ISA:
http://technet.microsoft.com/en-us/magazine/cc137756.aspx
That should be enough to set it up. As regards VPNs generally, the main
issues are:
- Strong authentication: how do you know it is really them, and not just
someone who has obtained their password, e.g. from an internet cafe with a
keylogger?
- Client administration: how will you configure and administer the clients?
How will the user install a client where they are not admins?
- Network protection: how will you protect the network from a dangerous
remote computer, e.g. one with a virus? What should you be able to access
remotely, and what not?
The more complicated VPN solutions deal with these problems where the simple
implementation of PPTP->ISA does not.
Hope that helps,
Anthony
http://www.airdesk.com
"silver1386" <silver1386@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51E18AB9-DFC8-4EB1-86DF-4C4D75009F82@xxxxxxxxxxxxxxxx
> Thanks Anthony. I've been looking into it a bit more today. They just dumped
> a lot of money into a new ISA server so yeah they will want to use that and
> get away from the RDP. Do you know where I can get started looking for info
> on this? Thanks for the info on the NAT, I can do that. I guess I didn't
> understand what they were looking for.
>
> "Anthony [MVP]" wrote:
>
>> Hi Silver,
>> You need something to provide secure remote access. Any number of ways to do
>> that. Maybe your firewall can already do it.
>> - Microsoft = RRAS on a server, or ISA server
>> - Cisco = ASA
>> - Citrix = Secure Gateway
>> and many many more.
>> Changing the addresses in the DMZ just means using NAT on the firewall to
>> translate between public and private addresses.
>> Hope that helps,
>> Anthony,
>> http://www.airdesk.com
>>
>> "silver1386" <silver1386@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:608E18E1-F196-4E9D-B5EA-7CF7C1B77AD3@xxxxxxxxxxxxxxxx
>> > If I am in the wrong forum could someone please redirect me. I am also
>> > looking for more forums and pages to learn from.
>> >
>> > I just got a job as a network admin in a mid-size company (350 users). To be
>> > honest some of this is over my head, but that's a great way to learn. They
>> > currently run 8 servers (web, print & file, AD, ISA, mail, exchange, sql,
>> > rds), all on Windows Server 2003 (one of my future projects is upgrading to
>> > 2008).
>> >
>> > The company recently had an audit done and they want me to tie some stuff
>> > up:
>> >
>> > Remote Access:
>> > - Cannot expose RDP to the internet without tunneling
>> > - Restrict RDP to users who need it.
>> > - All remote access should be going through a VPN connection
>> >
>> > Network Design:
>> > - If possible remove the external IP address from the DMZ
>> > - Limit the number of external IP addresses used.
>> >
>> > The audit says all the above requires additional hardware. For the time
>> > being my boss wants a cost estimate for the budget. I don't have a clue what
>> > is required here. Any suggestions? Let me know if you need more info.
>> > Greatly appreciated!
>>
>>