Re: Remote Desktop and VPN

From: daniel (daniel_at_nospampreferkosherkingsleynetworks.com)
Date: 01/21/05 

Date: Fri, 21 Jan 2005 08:47:57 -0000

 RWW is NOT RDP over HTTPS it is merely a convenient method of connecting to
users remote desktops etc. by redirecting them to a web page it still uses
RDP 'unwrapped'

PPTP VPNs ie the default setup is a very poor example of supposedly secure
access. I was merely pointing out that there are better ways of allowing
remote users etc a more secure experience that are immediately available
without additional cost just a little thought, reading and experimentation.
 If you remain confident about displaying a hack me here logo then by all
means off you go and publish RDP. I am suggesting alternatives that are very
easy to implement and will increase your security by an order of magnitude
at least as far as encryption and two factor authentication is concerned.
I'll tell you something else, SSH runs fine on any Windows box, its very
cool and its also free unless you really have to have an installer or
support etc. I'll grant you its not a bundled application but nor is anti
virus, a decent spyware solution nor a decent backup solution included in
SBS , does that mean I shouldn't try and install them?

I agree about the VPN there are pitfalls to all solutions and nobody is
really secure, I just hate the Blase.
publish this publish that, when you know as well as I do the majority of
people are using default out of the box setups without thought of security
and don't look for better alternatives.

regards

"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:utTgUs4$EHA.608@TK2MSFTNGP15.phx.gbl...
> VPN is no more secure than direct publishing of TS. Matter of fact, from
> some angles a VPN is much less secure.
> Just how are you going to use SSH in an SBS environment?
> MS released RDP via RWW some time ago, many SBS2003 owners use this
> facility.
>
> "daniel" <daniel@nospampreferkosherkingsleynetworks.com> wrote in message
> news:uK8aBbk$EHA.1564@TK2MSFTNGP09.phx.gbl...
>> Yes there is a small risk when publishing a remote desktop directly. VPN
>> or SSH port forwarding is a better way. Standard PPTP VPNs carry a risk
>> so try with EAP/TLS or L2TP/IPSEC. If you have ISA you can just disable
>> the filter allowing inbound TCP 3389 on standard edition run the CEICW
>> and uncheck Terminal Services.
>>
>> You can also use RWW to connect to remote desktop but I don't believe
>> this is anymore secure. Microsoft are due to release RDP over HTTPS much
>> like the Exchange RPC proxy so this will eventually provide what we are
>> all looking for.
>>
>>
>> "Tom S" <TomS@discussions.microsoft.com> wrote in message
>> news:ED5F968E-C012-4851-A303-53248C9DA4C1@microsoft.com...
>>>I can access our SBS 2003 from remote with Remote Desktop using the
>>>external
>>> IP address but I am concerned with security of this and would rather
>>> have
>>> this set to not allow a remote session to our public IP address. I would
>>> like
>>> to set up the system to only allow Remote Desktop to the internal IP of
>>> the
>>> server, VPN into the system and then use remote desktop to the local IP.
>>> If I
>>> VPN in now I can connect to the server using the internal IP but I can
>>> also
>>> remote in without VPN by using our external IP. Isn't this a security
>>> risk?
>>>
>>> Can this be setup this way?
>>>
>>> Thanks in advance for any help.
>>>
>>> Tom
>>
>>
>
>

Relevant Pages

  • Re: how to have secure remote desktop a connection
    ... Remote Desktop is natively encrypted... ... With that said, some folks, including myself run RDP through a VPN or SSH ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Remote Desktop
    ... networking so pardon me if I ask questions that are too basic. ... > or "VPN Pass Through". ... > See these pages for additional help with RDP... ... >> connect either through VPN or plain remote desktop and configured my ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Remote Desktop and VPN
    ... Did I say RDP via RWW _was_ RDP over HTTPS, ... VPNs are less secure per se. ... When you allow a remote user to VPN into your network you ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Desktop and VPN
    ... I'm wrong about RWW according to MS it is pretty much RDP over HTTP and I ... myself but merely to suggest ways to make them both more secure. ... When you allow a remote user to VPN into your network you ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Desktop and VPN
    ... VPN is no more secure than direct publishing of TS. ... > Yes there is a small risk when publishing a remote desktop directly. ...
    (microsoft.public.windows.server.sbs)