Re: Remote Desktop and VPN
From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 01/21/05
- In reply to: daniel: "Re: Remote Desktop and VPN"
Date: Fri, 21 Jan 2005 20:10:59 +1100
OOOOOOOH, a vehement disagreement, just what I needed.
Did I say RDP via RWW _was_ RDP over HTTPS? Not in my estimation. However,
RDP via RWW uses an HTTPS connection to initiate an RDP connection;
particularly if you have an SBS 2003 Premium system including a 2 NIC ISA
configuration, it is VERY secure. GO ON, TRY IT, try to connect to my IP on
port 4125 (mickmalloy.dyndns.org). I can, after logging into RWW and
choosing the right options.
VPNs are less secure per se. Not because they are PPTP vs L2TP vs IPSEC vs
WHATEVER. When you allow a remote user to VPN into your network you
basically invite their whole network into yours, you don't control their
machine let alone their network.
E.g. the CEO wants a permanent connection from home to the office, so you put
a VPN capable router at his home. His kids also want internet access through
the same device. He's a cheapskate and won't pay for dedicated connections
for the two activities, and why should he? The CEO is a smart internet user,
but what about his 10yr old running Kazaa?
RDP via RWW does not compromise your network in this manner.
"daniel" <daniel@nospampreferkosherkingsleynetworks.com> wrote in message
news:uezpeX5$EHA.2032@tk2msftngp13.phx.gbl...
> RWW is NOT RDP over HTTPS; it is merely a convenient method of connecting
> to users' remote desktops etc. by redirecting them to a web page. It still
> uses RDP 'unwrapped'.
>
> PPTP VPNs, i.e. the default setup, are a very poor example of supposedly secure
> access. I was merely pointing out that there are better ways of allowing
> remote users etc. a more secure experience that are immediately available
> without additional cost, just a little thought, reading and
> experimentation.
> If you remain confident about displaying a "hack me here" logo then by all
> means off you go and publish RDP. I am suggesting alternatives that are
> very easy to implement and will increase your security by an order of
> magnitude, at least as far as encryption and two-factor authentication are
> concerned.
> I'll tell you something else: SSH runs fine on any Windows box, it's very
> cool and it's also free unless you really have to have an installer or
> support etc. I'll grant you it's not a bundled application, but neither is
> antivirus, a decent spyware solution or a decent backup solution included in
> SBS. Does that mean I shouldn't try and install them?
>
> I agree about the VPN; there are pitfalls to all solutions and nobody is
> really secure. I just hate the blasé
> "publish this, publish that", when you know as well as I do the majority of
> people are using default out-of-the-box setups without thought of security
> and don't look for better alternatives.
>
> regards
>
> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> news:utTgUs4$EHA.608@TK2MSFTNGP15.phx.gbl...
>> VPN is no more secure than direct publishing of TS. Matter of fact, from
>> some angles a VPN is much less secure.
>> Just how are you going to use SSH in an SBS environment?
>> MS released RDP via RWW some time ago, many SBS2003 owners use this
>> facility.
>>
>> "daniel" <daniel@nospampreferkosherkingsleynetworks.com> wrote in message
>> news:uK8aBbk$EHA.1564@TK2MSFTNGP09.phx.gbl...
>>> Yes there is a small risk when publishing a remote desktop directly. VPN
>>> or SSH port forwarding is a better way. Standard PPTP VPNs carry a risk
>>> so try with EAP/TLS or L2TP/IPSEC. If you have ISA you can just disable
>>> the filter allowing inbound TCP 3389; on standard edition run the CEICW
>>> and uncheck Terminal Services.
>>>
>>> You can also use RWW to connect to remote desktop but I don't believe
>>> this is any more secure. Microsoft are due to release RDP over HTTPS much
>>> like the Exchange RPC proxy so this will eventually provide what we are
>>> all looking for.
>>>
>>>
>>> "Tom S" <TomS@discussions.microsoft.com> wrote in message
>>> news:ED5F968E-C012-4851-A303-53248C9DA4C1@microsoft.com...
>>>> I can access our SBS 2003 from remote with Remote Desktop using the external
>>>> IP address but I am concerned with security of this and would rather have
>>>> this set to not allow a remote session to our public IP address. I would like
>>>> to set up the system to only allow Remote Desktop to the internal IP of the
>>>> server, VPN into the system and then use remote desktop to the local IP. If I
>>>> VPN in now I can connect to the server using the internal IP but I can also
>>>> remote in without VPN by using our external IP. Isn't this a security risk?
>>>>
>>>> Can this be set up this way?
>>>>
>>>> Thanks in advance for any help.
>>>>
>>>> Tom
>>>
>>>
>>
>>
>
>