Re: RWW revisited

From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 09/04/04


Date: Fri, 3 Sep 2004 23:15:12 -0500


> However, I'd add that actually, there isn't much difference in the sense
> that once someone's in, they have the same rights on the network that
> they'd have if they were in the office....true for VPN or for Remote Desktop

Not so. RDP doesn't expose the target network to the client unless you
select 'connect disk drives'. You're simply looking at images and
manipulating the remote via the images. Connect disk drives should never be
done from an untrusted client (neither should VPN).

On a related note, publishing companyweb via RWW exposes a risk similar to
'connect drives', in that documents from the remote client can be
transferred to the host.

-- 
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !
"Lanwench [MVP - Exchange]" 
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message 
news:OEoVV9ikEHA.1356@TK2MSFTNGP09.phx.gbl...
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>> You wanted to know how secure RWW was and I'm comparing to a VPN
>> connection.
>>
>> Remote web workplace is a port 443 connection and then it dynamically
>> opens up port 4125.  VPN opens up a tunnel back to your entire
>> network.
>
> I like your description here in general - it's well put. However, I'd add
> that actually, there isn't much difference in the sense that once someone's
> in, they have the same rights on the network that they'd have if they were
> in the office....true for VPN or for Remote Desktop. Complex passwords &
> forced regular changes are a must - as are all the other things you
> mentioned....
>
> And there's also the difference to consider between IPSEC and PPTP, when
> you talk VPN, just to put more worms in the can. :-)
>>
>> Thus in comparing two types of remote connection to your firm, I would
>> argue that 443 protects your inner "goo" of the network better than a
>> VPN connection.
>>
>> How secure is RWW?  Do you use passphrases instead of passwords?  I
>> would argue that I would recommend in ALL cases to only use your own
>> laptop or computers for remote access and never kiosks at Kinkos as a
>> case in NYC had a guy with a keystroke logger get usernames and
>> passwords.
>>
>> Is RWW secure?  Like anything, if it's part of a process where you
>>
>> Patch your server
>> Ensure the firewall is only open for what you need
>> Antivirus is installed
>> Passphrases instead of passwords and change them on a regular basis
>>
>> Then we do just fine.
>>
>> Is it "secure".  It's an open port, it is a risk, but it's one that
>> they've put in place processes and procedures to ensure that it's less
>> risky than other things.
>>
>> I had to just say "yes, it's secure".  If you didn't patch your
>> server, no it's not.  If you ran with no antivirus, no that's not
>> secure.  If you used dumb or blank passwords, no that's not secure
>> either.
>>
>> I can't just look at the one mechanism and say "oh, yes it's
>> absolutely secure!".  If you put the password of admin on your
>> Administrator account, no... it's not secure at all.
>>
>> Does that help?
>>
>> pete wrote:
>>> Thanks for the link Susan but after reading it I am not exactly
>>> sure what it is trying to tell me. Would you be so kind
>>> to interpret the message to me in layman's terms.
>>>
>>> Thanks again,
>>>
>>>
>>> Pete
>>>
>>>
>>>> -----Original Message-----
>>>> RWW revisited [Remote Web Workplace]:
>>>> http://msmvps.com/bradley/archive/2004/08/23/12245.aspx
>>>>
>>>>
>>>> pete wrote:
>>>>
>>>>> Does anyone know how secure it is to be using Remote Web
>>>>> Workplace? Are there any concerns that I should have?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Pete
>>>>
>>>> --
>>>> http://www.sbslinks.com/really.htm
>>>>
>>>> .
>>>>
>>>
>>> .
>
> 
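
Added example, not part of the original thread: a small Python check that reads a saved .rdp connection file and reports whether it turns on the 'connect disk drives' option discussed above. It assumes the standard `name:type:value` text format of .rdp files and the `redirectdrives` / `drivestoredirect` setting names; the sample file contents and host name are constructed.

```python
# Added example: report whether a saved .rdp file enables client drive redirection.
# Assumes .rdp files are plain text with one "name:type:value" setting per line.

# Setting names that control 'connect disk drives' (older and newer clients).
DRIVE_SETTINGS = ("redirectdrives", "drivestoredirect")

def parse_rdp(text):
    """Return {name: (type, value)} for every well-formed setting line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")   # tolerate a leading BOM
        parts = line.split(":", 2)            # the value may itself contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue                          # skip blank or malformed lines
        name, typ, value = parts
        settings[name.strip().lower()] = (typ, value.strip())
    return settings

def is_enabled(typ, value):
    """Integer settings are on when non-zero; string settings when non-empty."""
    if typ == "i":
        return value not in ("", "0")
    return value != ""

def drive_redirection(text):
    """Return 'enabled', 'disabled', or 'unspecified' (client default applies)."""
    settings = parse_rdp(text)
    present = [n for n in DRIVE_SETTINGS if n in settings]
    if not present:
        return "unspecified"
    if any(is_enabled(*settings[n]) for n in present):
        return "enabled"
    return "disabled"

# Constructed sample files (host name is a placeholder).
SAMPLE_SHARED = "full address:s:sbs.example.test:3389\nredirectdrives:i:1\n"
SAMPLE_LOCKED = ("full address:s:sbs.example.test:3389\n"
                 "redirectdrives:i:0\ndrivestoredirect:s:\n")
SAMPLE_SILENT = "full address:s:sbs.example.test:3389\n"

if __name__ == "__main__":
    for label, sample in (("shared", SAMPLE_SHARED),
                          ("locked", SAMPLE_LOCKED),
                          ("silent", SAMPLE_SILENT)):
        print(label, "->", drive_redirection(sample))
```

An 'unspecified' result means the file does not pin the setting either way, so the outcome depends on the client that opens it.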

